messages32.html

<!DOCTYPE html>
<html>

 <head>

  <meta charset="utf-8"/>
<title>Exported Data</title>
  <meta content="width=device-width, initial-scale=1.0" name="viewport"/>

  <link href="css/style.css" rel="stylesheet"/>

  <script src="js/script.js" type="text/javascript">

  </script>

 </head>

 <body onload="CheckLocation();">

  <div class="page_wrap">

   <div class="page_header">

    <div class="content">

     <div class="text bold">
🛡 Cybersecurity &amp; Privacy news 🛡 
     </div>

    </div>

   </div>

   <div class="page_body chat_page">

    <div class="history">

     <a class="pagination block_link" href="messages31.html">
Previous messages
     </a>

     <div class="message service" id="message-931">

      <div class="body details">
22 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message31098">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:42">
23:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 Organizations warned of ransomware risk from smaller operators 📢</strong><br><br><code>They may not have the financial muscle, but small-time cyber crooks can cause havoc for critical systems</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361296/organizations-warned-of-ransomware-risk-from-smaller-operators">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31099">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:43">
23:26
       </div>

       <div class="text">
<strong>📢 IT Pro News in Review: MacBook refresh, Facebook creating jobs and facial recognition in schools 📢</strong><br><br><code>Catch up on the biggest headlines of the week in just two minutes</code><br><br><a href="https://www.itpro.co.uk/hardware/361332/it-pro-news-in-review-macbook-refresh-facebook-eu-jobs-facial-recognition-schools">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31100">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:47">
23:26
       </div>

       <div class="text">
<strong>📢 The IT Pro Podcast: Should the US cyber army be more aggressive? 📢</strong><br><br><code>Is a more proactive strategy the answer to increasing attacks from Russia and China?</code><br><br><a href="https://www.itpro.co.uk/security/cyber-warfare/361329/the-it-pro-podcast-should-the-us-cyber-army-be-more-aggressive">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31101">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:48">
23:26
       </div>

       <div class="text">
<strong>📢 Iranian hacking group continues to target US citizens 📢</strong><br><br><code>APT35 used phishing attacks and uploaded spyware onto Google Play Store</code><br><br><a href="https://www.itpro.co.uk/security/hacking/361282/iranian-hacking-group-continues-to-target-us-citizens">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31102">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:49">
23:26
       </div>

       <div class="text">
<strong>📢 Oak9’s IaC security platform now available on AWS 📢</strong><br><br><code>The solution speeds up app deployment while providing comprehensive security</code><br><br><a href="https://www.itpro.co.uk/security/361341/oak9s-iac-security-platform-now-available-on-aws">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31103">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:50">
23:26
       </div>

       <div class="text">
<strong>📢 The best remote access solutions 📢</strong><br><br><code>We round up the top remote access software for mobile workers, including those with collaboration, screen-sharing and support tools</code><br><br><a href="https://www.itpro.co.uk/desktop-software/28122/the-best-remote-access-solutions">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31104">

      <div class="body">

       <div class="pull_right date details" title="22.10.2021 23:26:51">
23:26
       </div>

       <div class="text">
<strong>📢 Almost 70% of CISOs expect a ransomware attack 📢</strong><br><br><code>Many companies are willing to make ransomware payments in the face of the growing threat</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361298/nearly-seven-in-ten-cisos-expect-a-ransomware-attack">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-932">

      <div class="body details">
25 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message31105">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 07:13:20">
07:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40371 ‼</strong><br><br><code>Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40371">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31106">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 07:13:22">
07:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-21703 ‼</strong><br><br><code>In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21703">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31107">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 07:43:41">
07:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Cybersecurity Awareness Month: Listen up – CYBERSECURITY FIRST! ⚠</strong><br><br><code>Fraser Howard of SophosLabs is truly a world expert in fighting malware. Read now, and learn from the best!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/25/becybersmart-2021-week4/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31108">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 07:43:43">
07:43
       </div>

       <div class="text">
<strong>⚠ REvil ransomware gang allegedly forced offline by law enforcement counterattacks ⚠</strong><br><br><code>One down. Lots more to go. Here&apos;s what to do...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/22/revil-ransomware-gang-allegedly-forced-offline-by-law-enforcement-counterattacks/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31109">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 09:13:28">
09:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40527 ‼</strong><br><br><code>Exposure of senstive information to an unauthorised actor in the &quot;com.onepeloton.erlich&quot; mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40527">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31110">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 09:13:29">
09:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-40526 ‼</strong><br><br><code>Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peleton Bike</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40526">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31111">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 11:43:43">
11:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks ⚠</strong><br><br><code>Everyone remembers this year&apos;s big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/25/becybersmart-2021-supply-chain-attacks/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31112">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 11:46:51">
11:46
       </div>

       <div class="text">
<strong>🗓️ Polygon pays out record $2 million bug bounty reward for critical vulnerability 🗓️</strong><br><br><code>Ethical hacker bags top prize for double spend flaw in smart contract</code><br><br><a href="https://portswigger.net/daily-swig/polygon-pays-out-record-2-million-bug-bounty-reward-for-critical-vulnerability">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31113">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 12:15:36">
12:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Discourse fixes critical validation-related vulnerability in forum software 🗓️</strong><br><br><code>We need to talk about lack of validation</code><br><br><a href="https://portswigger.net/daily-swig/discourse-fixes-critical-validation-related-vulnerability-in-forum-software">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31114">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 12:30:18">
12:30
       </div>

       <div class="text">
<strong>❌ CISA Urges Sites to Patch Critical RCE in Discourse ❌</strong><br><br><code>The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazon’s Seller Central.</code><br><br><a href="https://threatpost.com/cisa-critical-rce-discourse/175705/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31115">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 12:43:45">
12:43
       </div>

       <div class="text">
<strong>⚠ Listen up 3 – CYBERSECURITY FIRST! Cyberinsurance, help or hindrance? ⚠</strong><br><br><code>Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, takes on the controversial topic of cyberinsurance.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/25/becybersmart-2021-cyberinsurance/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31116">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:13:40">
13:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-24774 ‼</strong><br><br><code>The Check &amp; Log Email WordPress plugin before 1.0.3 does not validate and escape the &quot;order&quot; and &quot;orderby&quot; GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24774">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31117">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:13:41">
13:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-24515 ‼</strong><br><br><code>The Video Gallery – Vimeo and YouTube Gallery WordPress plugin through 1.1.4 does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting issues</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24515">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31118">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:13:42">
13:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-24608 ‼</strong><br><br><code>The Formidable Form Builder – Contact Form, Survey &amp; Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form&apos;s Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24608">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31119">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:13:44">
13:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-24489 ‼</strong><br><br><code>The Request a Quote WordPress plugin before 2.3.5 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24489">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31120">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:13:44">
13:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-24884 ‼</strong><br><br><code>The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like &lt;audio&gt;,&lt;video&gt;,&lt;img&gt;,&lt;a&gt; and&lt;button&gt;.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. The HTML-injection may trick authenticated users to follow the link. If the Link gets clicked, Javascript code can be executed. The vulnerability is due to insufficient sanitization of the &quot;data-frmverify&quot; tag for links in the web-based entry inspection page of affected systems. A successful exploitation incomibantion with CSRF could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include stealing the users account by changing their password or allowing attackers to submit their own code through an authenticated user resulting in Remote Code Execution. If an authenticated user who is able to edit Wordpress PHP Code in any kind, clicks the malicious link, PHP code can be edited.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24884">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31121">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:13:45">
13:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-0939 ‼</strong><br><br><code>In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186026549References: N/A</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0939">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31122">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:13:47">
13:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-0410 ‼</strong><br><br><code>In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561360; Issue ID: ALPS05561360.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0410">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31123">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:13:49">
13:13
       </div>

       <div class="text">
<strong>‼ CVE-2020-7859 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7859">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31124">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:13:50">
13:13
       </div>

       <div class="text">
<strong>‼ CVE-2020-14264 ‼</strong><br><br><code>&quot;HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK&quot;</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14264">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31125">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:13:50">
13:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-0414 ‼</strong><br><br><code>In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561384; Issue ID: ALPS05561384.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0414">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31126">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:13:51">
13:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-0633 ‼</strong><br><br><code>In display driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05585423; Issue ID: ALPS05585423.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0633">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31127">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:13:52">
13:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-0409 ‼</strong><br><br><code>In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561359; Issue ID: ALPS05561359.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0409">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31128">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:13:53">
13:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-0935 ‼</strong><br><br><code>In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References: Upstream kernel</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0935">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31129">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:13:54">
13:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-24544 ‼</strong><br><br><code>The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Furthermore, as by default any authenticated user is allowed to create Sliders (https://wordpress.org/support/topic/slider-can-be-changed-from-any-user-even-subscriber/, such settings can be changed in the plugin&apos;s settings), this would allow user with a role as low as subscriber to perform Cross-Site Scripting attacks against logged in admins viewing the slider list and could lead to privilege escalation by creating a rogue admin account for example.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24544">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31130">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:13:55">
13:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-24779 ‼</strong><br><br><code>The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any capability and CSRF checks, as a result, the settings can be updated by unauthenticated users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24779">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31131">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:13:59">
13:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-0634 ‼</strong><br><br><code>In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594994; Issue ID: ALPS05594994.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0634">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31132">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:14:00">
13:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-0625 ‼</strong><br><br><code>In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594996; Issue ID: ALPS05594996.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0625">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31133">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:14:01">
13:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-0613 ‼</strong><br><br><code>In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05489178.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0613">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31134">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:14:02">
13:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-41035 ‼</strong><br><br><code>In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41035">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31135">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:14:04">
13:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24514 ‼</strong><br><br><code>The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24514">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31136">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:16:42">
13:16
       </div>

       <div class="text">
<strong>🗓️ Popular NPM package UA-Parser-JS poisoned with cryptomining, password-stealing malware 🗓️</strong><br><br><code>Developer moves quickly to address vulnerabilities after his account was compromised</code><br><br><a href="https://portswigger.net/daily-swig/popular-npm-package-ua-parser-js-poisoned-with-cryptomining-password-stealing-malware">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31137">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:23:22">
13:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24699 ‼</strong><br><br><code>The Easy Media Download WordPress plugin before 1.1.7 does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24699">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31138">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:23:24">
13:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-0663 ‼</strong><br><br><code>In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844458; Issue ID: ALPS05844458.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0663">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31139">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:23:25">
13:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24744 ‼</strong><br><br><code>The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages. which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24744">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31140">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:23:26">
13:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-0662 ‼</strong><br><br><code>In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844434; Issue ID: ALPS05844434.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0662">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31141">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:23:28">
13:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-0411 ‼</strong><br><br><code>In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561362; Issue ID: ALPS05561362.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0411">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31142">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:23:29">
13:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-0941 ‼</strong><br><br><code>In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References: Upstream kernel</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0941">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31143">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:23:31">
13:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24414 ‼</strong><br><br><code>The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24414">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31144">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:23:33">
13:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-24885 ‼</strong><br><br><code>The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24885">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31145">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:23:35">
13:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-0615 ‼</strong><br><br><code>In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561369; Issue ID: ALPS05561369.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0615">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31146">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:23:36">
13:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-0630 ‼</strong><br><br><code>In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551397; Issue ID: ALPS05551397.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0630">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31147">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:23:37">
13:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-20908 ‼</strong><br><br><code>Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20908">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31148">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:42:22">
13:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 REvil ransomware group reportedly taken offline by multi-nation effort 🦿</strong><br><br><code>Law enforcement officials and cyber specialists hacked into REvil&apos;s network, gaining control of some of its servers, sources told Reuters.</code><br><br><a href="https://www.techrepublic.com/article/revil-ransomware-group-reportedly-taken-offline-by-multi-nation-effort/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31149">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:42:24">
13:42
       </div>

       <div class="text">
<strong>🦿 Companies that pay ransomware attackers get thumbs down from consumers 🦿</strong><br><br><code>More than half of those surveyed by data management firm Cohesity said that companies that pay the ransom in an attack encourage ransomware and bad actors.</code><br><br><a href="https://www.techrepublic.com/article/companies-that-pay-ransomware-attackers-get-thumbs-down-from-consumers/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31150">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 13:45:16">
13:45
       </div>

       <div class="text">
<strong>⚠ Listen up 4 – CYBERSECURITY FIRST! Purple teaming – learning to think like your adversaries ⚠</strong><br><br><code>Michelle Farenci knows her stuff, because she&apos;s a cybersecurity practitioner inside a cybersecurity company! Learn why thinking like an attacker makes you a better defender.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/25/listen-up-4-cybersecurity-first-purple-teaming-learning-to-think-like-your-adversaries/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31151">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 14:13:46">
14:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Listen up 4 – CYBERSECURITY FIRST! Purple teaming – learning to think like your adversaries ⚠</strong><br><br><code>Michelle Farenci knows her stuff, because she&apos;s a cybersecurity practitioner inside a cybersecurity company! Learn why thinking like an attacker makes you a better defender.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/25/listen-up-4-cybersecurity-first-purple-teaming-learning-to-think-like-your-adversaries/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31152">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 14:13:47">
14:13
       </div>

       <div class="text">
<strong>⚠ Cybersecurity Awareness Month: Listen up – CYBER­SECURITY FIRST! ⚠</strong><br><br><code>Fraser Howard of SophosLabs is truly a world expert in fighting malware. Read now, and learn from the best!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/25/becybersmart-2021-week4/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31153">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 14:13:48">
14:13
       </div>

       <div class="text">
<strong>⚠ Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks ⚠</strong><br><br><code>Everyone remembers this year&apos;s big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/25/becybersmart-2021-supply-chain-attacks/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31154">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 14:13:49">
14:13
       </div>

       <div class="text">
<strong>⚠ Listen up 3 – CYBERSECURITY FIRST! Cyberinsurance, help or hindrance? ⚠</strong><br><br><code>Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, takes on the controversial topic of cyberinsurance.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/25/becybersmart-2021-cyberinsurance/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31155">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 14:45:34">
14:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 GNU Privacy Guard 2.2.32 🛠</strong><br><br><code>GnuPG (the GNU Privacy Guard or GPG) is GNU&apos;s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.</code><br><br><a href="https://packetstormsecurity.com/files/164630/gnupg-2.2.32.tar.bz2">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31156">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 14:45:35">
14:45
       </div>

       <div class="text">
<strong>🛠 GNU Privacy Guard 2.3.3 🛠</strong><br><br><code>GnuPG (the GNU Privacy Guard or GPG) is GNU&apos;s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.</code><br><br><a href="https://packetstormsecurity.com/files/164631/gnupg-2.3.3.tar.bz2">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31157">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 15:14:23">
15:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37624 ‼</strong><br><br><code>FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing. By default, SIP requests of the type MESSAGE (RFC 3428) are not authenticated in the affected versions of FreeSWITCH. MESSAGE requests are relayed to SIP user agents registered with the FreeSWITCH server without requiring any authentication. Although this behaviour can be changed by setting the `auth-messages` parameter to `true`, it is not the default setting. Abuse of this security issue allows attackers to send SIP MESSAGE messages to any SIP user agent that is registered with the server without requiring authentication. Additionally, since no authentication is required, chat messages can be spoofed to appear to come from trusted entities. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. This issue is patched in version 1.10.7. Maintainers recommend that this SIP message type is authenticated by default so that FreeSWITCH administrators do not need to be explicitly set the `auth-messages` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37624">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31158">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 15:14:24">
15:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34854 ‼</strong><br><br><code>This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13544.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34854">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31159">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 15:14:25">
15:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34863 ‼</strong><br><br><code>This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13271.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34863">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31160">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 15:14:26">
15:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34855 ‼</strong><br><br><code>This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13592.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34855">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31161">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 15:14:28">
15:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34856 ‼</strong><br><br><code>This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13581.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34856">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31162">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 15:14:29">
15:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-41176 ‼</strong><br><br><code>Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel&apos;s sign-out endpoint. This requires a targeted attack against a specific Panel instance, and serves only to sign a user out. **No user details are leaked, nor is any user data affected, this is simply an annoyance at worst.** This is fixed in version 1.6.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41176">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31163">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 15:14:30">
15:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34861 ‼</strong><br><br><code>This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12104.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34861">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31164">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 15:14:31">
15:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34862 ‼</strong><br><br><code>This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13270.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34862">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31165">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 15:14:32">
15:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34857 ‼</strong><br><br><code>This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13601.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34857">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31166">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 15:14:33">
15:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-21319 ‼</strong><br><br><code>Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround (this is the default state). Malicious javascript code can be executed (not stored) on login and retrieve password pages. This issue is patched in version 0.9.5.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21319">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31167">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 15:14:35">
15:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34864 ‼</strong><br><br><code>This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the WinAppHelper component. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13543.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34864">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31168">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 15:14:36">
15:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34859 ‼</strong><br><br><code>This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13697.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34859">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31169">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 15:14:37">
15:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34860 ‼</strong><br><br><code>This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the getpage parameter provided to the webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-12103.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34860">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31170">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 17:13:52">
17:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ Conti Ransom Gang Starts Selling Access to Victims ♟️</strong><br><br><code>The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti&apos;s malware who refuse to negotiate a ransom payment are added to Conti&apos;s victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.</code><br><br><a href="https://krebsonsecurity.com/2021/10/conti-ransom-gang-starts-selling-access-to-victims/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31171">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 17:13:53">
17:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-39220 ‼</strong><br><br><code>Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39220">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31172">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 17:13:54">
17:13
       </div>

       <div class="text">
<strong>‼ CVE-2021-39221 ‼</strong><br><br><code>Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Contacts application is upgraded to 4.0.3. As a workaround, one may use a browser that has support for Content-Security-Policy.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39221">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31173">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 18:00:35">
18:00
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ BillQuick Billing App Rigged to Inflict Ransomware ❌</strong><br><br><code>A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware.</code><br><br><a href="https://threatpost.com/billquick-billing-app-ransomware/175720/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31174">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 18:30:29">
18:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Groove Calls for Cyberattacks on US as REvil Payback ❌</strong><br><br><code>The bold move signals a looming clash between Russian ransomware groups and the U.S.</code><br><br><a href="https://threatpost.com/groove-ransomware-revil-revenge-us-cyberattacks/175726/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31175">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 18:30:31">
18:30
       </div>

       <div class="text">
<strong>🕴 Who&apos;s In Your Wallet? Exploring Mobile Wallet Security 🕴</strong><br><br><code>Security flaws in contactless payments for transportation systems could lead to fraud for stolen devices, researchers find.</code><br><br><a href="https://www.darkreading.com/mobile/who-s-in-your-wallet-exploring-mobile-wallet-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31176">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 19:00:53">
19:00
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Industrial Goods &amp; Services Tops Ransomware Targets in 2021 🕴</strong><br><br><code>While the industrial goods and services sector saw a decline in attacks during the third quarter, it remains the most targeted sector for ransomware this year.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/industrial-goods-services-tops-ransomware-targets-in-2021">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31177">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 19:00:55">
19:00
       </div>

       <div class="text">
<strong>❌ Defending Assets You Don’t Know About Against Cyberattacks ❌</strong><br><br><code>No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality.</code><br><br><a href="https://threatpost.com/defending-unknown-assets-cyberattacks/175730/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31178">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 19:30:36">
19:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat 🕴</strong><br><br><code>Microsoft says the group has attacked more than 140 service providers, and compromised 14 of them, between May and October of this year.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31179">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 21:14:06">
21:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41177 ‼</strong><br><br><code>Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (as as `AnonRateThrottle` or `UserRateThrottle`) was thus not rate limited on instances not having a memory cache backend configured. In the case of a default installation, this would notably include the rate-limits on the two factor codes. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5, or 22.2.0. As a workaround, enable a memory cache backend in `config.php`.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41177">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31180">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 21:14:07">
21:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-41179 ‼</strong><br><br><code>Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, the Two-Factor Authentication wasn&apos;t enforced for pages marked as public. Any page marked as `@PublicPage` could thus be accessed with a valid user session that isn&apos;t authenticated. This particularly affects the Nextcloud Talk application, as this could be leveraged to gain access to any private chat channel without going through the Two-Factor flow. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41179">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31181">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 21:14:08">
21:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-39224 ‼</strong><br><br><code>Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the OfficeOnline application is upgraded to 1.1.1. As a workaround, one may disable the OfficeOnline application in the app settings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39224">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31182">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 21:14:09">
21:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-41105 ‼</strong><br><br><code>FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls can be terminated by remote attackers. This attack can be done continuously, thus denying encrypted calls during the attack. When a media port that is handling SRTP traffic is flooded with a specially crafted SRTP packet, the call is terminated leading to denial of service. This issue was reproduced when using the SDES key exchange mechanism in a SIP environment as well as when using the DTLS key exchange mechanism in a WebRTC environment. The call disconnection occurs due to line 6331 in the source file `switch_rtp.c`, which disconnects the call when the total number of SRTP errors reach a hard-coded threshold (100). By abusing this vulnerability, an attacker is able to disconnect any ongoing calls that are using SRTP. The attack does not require authentication or any special foothold in the caller&apos;s or the callee&apos;s network. This issue is patched in version 1.10.7.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41105">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31183">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 21:14:10">
21:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-38258 ‼</strong><br><br><code>NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback().</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38258">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31184">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 21:14:12">
21:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-41145 ‼</strong><br><br><code>Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion. By abusing this vulnerability, an attacker is able to crash any FreeSWITCH instance by flooding it with SIP messages, leading to Denial of Service. The attack does not require authentication and can be carried out over UDP, TCP or TLS. This issue was patched in version 1.10.7.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41145">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31185">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 21:14:14">
21:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-39225 ‼</strong><br><br><code>Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. There are no known workarounds aside from upgrading.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39225">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31186">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 21:14:15">
21:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-38260 ‼</strong><br><br><code>NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor().</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38260">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31187">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 21:14:16">
21:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-41178 ‼</strong><br><br><code>Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files. This could also be leveraged into a XSS/phishing attack, an attacker could upload a malicious SVG file that mimics the Nextcloud login form and send a specially crafted link to victims. The XSS risk here is mitigated due to the fact that Nextcloud employs a strict Content-Security-Policy disallowing execution of arbitrary JavaScript. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41178">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31188">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 21:14:17">
21:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-39223 ‼</strong><br><br><code>Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the Richdocuments application is upgraded to 3.8.6 or 4.2.3. As a workaround, disable the Richdocuments application in the app settings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39223">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31189">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 21:30:43">
21:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Forcepoint Completes Acquisition of Bitglass 🕴</strong><br><br><code>The acquisition of Bitglass will be the third technology acquisition for Forcepoint this year.</code><br><br><a href="https://www.darkreading.com/cloud/forcepoint-completes-acquisition-of-bitglass">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31190">

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 21:30:43">
21:30
       </div>

       <div class="text">
<strong>🕴 Jumio Launches End-to-end Orchestration for its KYX Platform 🕴</strong><br><br><code>Platform combines digital identity proofing, compliance verification and anti-money laundering checks.</code><br><br><a href="https://www.darkreading.com/operations/jumio-launches-end-to-end-orchestration-for-its-kyx-platform">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31191">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.10.2021 22:00:46">
22:00
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 OpenText Strengthens Ransomware Resilience 🕴</strong><br><br><code>New detection and alert functions within Carbonite Server increase data protection against ransomware.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/opentext-strengthens-ransomware-resilience">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-933">

      <div class="body details">
26 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message31192">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 09:02:07">
09:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Wardrivers Can Still Easily Crack 70% of WiFi Passwords 🕴</strong><br><br><code>Weaknesses in the current WiFi standard and poorly chosen passwords allowed one wardriver to recover 70% of wireless network passwords.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/wardrivers-can-still-crack-70-of-wifi-passwords">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31193">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 09:14:45">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2020-5669 ‼</strong><br><br><code>Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5669">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31194">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 09:14:46">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-40344 ‼</strong><br><br><code>An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40344">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31195">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 09:14:47">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34583 ‼</strong><br><br><code>Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34583">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31196">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 09:14:48">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34585 ‼</strong><br><br><code>In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34585">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31197">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 09:14:51">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34595 ‼</strong><br><br><code>A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34595">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31198">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 09:14:52">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34584 ‼</strong><br><br><code>Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34584">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31199">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 09:14:53">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-40345 ‼</strong><br><br><code>An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40345">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31200">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 09:14:54">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34596 ‼</strong><br><br><code>A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34596">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31201">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 09:14:55">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-42343 ‼</strong><br><br><code>An issue was discovered in Dask (aka python-dask) through 2021.09.1. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42343">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31202">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 09:14:56">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-40343 ‼</strong><br><br><code>An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40343">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31203">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 09:14:57">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34593 ‼</strong><br><br><code>In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34593">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31204">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 09:14:57">
09:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-34586 ‼</strong><br><br><code>In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34586">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31205">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 09:30:59">
09:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads ❌</strong><br><br><code>UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.</code><br><br><a href="https://threatpost.com/android-scammed-sms-fraud-tik-tok/175739/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31206">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 11:02:23">
11:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Pulling Back the Curtain on Bug Bounties 🕴</strong><br><br><code>It&apos;s critical that infosec professionals and consumers understand threats and vulnerabilities, but they are being kept in the dark.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/pulling-back-the-curtain-on-bug-bounties">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31207">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 11:14:53">
11:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-26607 ‼</strong><br><br><code>An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26607">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31208">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 11:14:54">
11:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-41873 ‼</strong><br><br><code>Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a specific link to remotely control the TV.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41873">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31209">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 11:14:55">
11:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-37371 ‼</strong><br><br><code>Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37371">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31210">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 11:14:56">
11:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-26609 ‼</strong><br><br><code>A vulnerability was found in Mangboard(WordPress plugin). A SQL-Injection vulnerability was found in order_type parameter. The order_type parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26609">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31211">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 11:14:57">
11:14
       </div>

       <div class="text">
<strong>‼ CVE-2011-2195 ‼</strong><br><br><code>A flaw was found in WebSVN 2.3.2. Without prior authentication, if the &apos;allowDownload&apos; option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed &apos;path&apos; argument to execute arbitrary commands against the underlying operating system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2195">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31212">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 11:15:01">
11:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-37372 ‼</strong><br><br><code>Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37372">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31213">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 11:15:03">
11:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-41078 ‼</strong><br><br><code>Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41078">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31214">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 11:15:05">
11:15
       </div>

       <div class="text">
<strong>‼ CVE-2011-4119 ‼</strong><br><br><code>caml-light &lt;= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4119">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31215">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 11:46:32">
11:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Africa sees increase in ransomware, botnet attacks – but online scams still pose biggest threat 🗓️</strong><br><br><code>Fraud is still the primary goal of cybercriminals operating across the continent, Interpol warns in latest market report</code><br><br><a href="https://portswigger.net/daily-swig/africa-sees-increase-in-ransomware-botnet-attacks-but-online-scams-still-pose-biggest-threat">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31216">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 12:16:34">
12:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ SQL injection flaw in billing software app tied to US ransomware infection 🗓️</strong><br><br><code>BillQuick customers blindsided by recently patched web security flaw</code><br><br><a href="https://portswigger.net/daily-swig/sql-injection-flaw-in-billing-software-app-tied-to-us-ransomware-infection">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31217">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 12:34:11">
12:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Cybersecurity Talent Gap Shrinks to 2.72 Million Individuals 🔏</strong><br><br><code>A new report suggests the job market saw 700,000 new cybersecurity professionals since 2020. While the number is an improvement, the gap continues to outpace what’s needed.</code><br><br><a href="https://digitalguardian.com/blog/cybersecurity-talent-gap-shrinks-272-million-individuals">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31218">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 12:46:34">
12:46
       </div>

       <div class="text">
<strong>🗓️ Infosec skills gap widens in all regions bar Asia-Pacific – report 🗓️</strong><br><br><code>Overall worldwide shortfall shrinks 400k to 2.7m unfilled positions</code><br><br><a href="https://portswigger.net/daily-swig/infosec-skills-gap-widens-in-all-regions-bar-asia-pacific-report">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31219">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 13:01:13">
13:01
       </div>

       <div class="text">
<strong>❌ Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users ❌</strong><br><br><code>The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet.</code><br><br><a href="https://threatpost.com/mozilla-firefox-blocks-malicious-add-ons-installed-by-455k-users/175745/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31220">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 13:14:58">
13:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-41173 ‼</strong><br><br><code>Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41173">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31221">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 13:15:00">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-41184 ‼</strong><br><br><code>jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41184">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31222">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 13:15:02">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-41185 ‼</strong><br><br><code>Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has been applied and a release made. Users should upgrade to version 8.12.7. As a workaround, users may manually apply the changes from the fix commit.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41185">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31223">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 13:15:03">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-41157 ‼</strong><br><br><code>FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version, may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41157">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31224">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 13:15:05">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-41183 ‼</strong><br><br><code>jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41183">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31225">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 13:15:07">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-41175 ‼</strong><br><br><code>Pi-hole&apos;s Web interface (based on AdminLTE) provides a central location to manage one&apos;s Pi-hole and review the statistics generated by FTLDNS. Prior to version 5.8, cross-site scripting is possible when adding a client via the groups-clients management page. This issue was patched in version 5.8.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41175">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31226">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 13:15:08">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-37364 ‼</strong><br><br><code>OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37364">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31227">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 13:15:11">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-41188 ‼</strong><br><br><code>Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the `.htaccess` file will protect against cross-site scripting in this case. There is also a config for those using nginx as a server. The plugin and the configs can be found on the GitHub Security Advisory page for this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41188">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31228">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 13:15:14">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-41158 ‼</strong><br><br><code>FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH&apos;s SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway. Abuse of this vulnerability allows attackers to potentially recover gateway passwords by performing a fast offline password cracking attack on the challenge response. The attacker does not require special network privileges, such as the ability to sniff the FreeSWITCH&apos;s network traffic, to exploit this issue. Instead, what is required for this attack to work is the ability to cause the victim server to send SIP request messages to the malicious party. Additionally, to exploit this issue, the attacker needs to specify the correct realm which might in some cases be considered secret. However, because many gateways are actually public, this information can easily be retrieved. The vulnerability appears to be due to the code which handles challenges in `sofia_reg.c`, `sofia_reg_handle_sip_r_challenge()` which does not check if the challenge is originating from the actual gateway. The lack of these checks allows arbitrary UACs (and gateways) to challenge any request sent by FreeSWITCH with the realm of the gateway being targeted. This issue is patched in version 10.10.7. Maintainers recommend that one should create an association between a SIP session for each gateway and its realm to make a check be put into place for this association when responding to challenges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41158">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31229">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 13:15:16">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-41172 ‼</strong><br><br><code>AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for AntSword prior to version 0.5 is vulnerable to Self-XSS due to due to insufficient input validation and sanitization via redis server configuration. Self-XSS in the plugin configuration leads to code execution. This issue is patched in version 0.5.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41172">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31230">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 13:15:18">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-37363 ‼</strong><br><br><code>An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37363">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31231">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 13:15:19">
13:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-41182 ‼</strong><br><br><code>jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41182">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31232">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 13:42:50">
13:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 9 key security threats that organizations will face in 2022 🦿</strong><br><br><code>Supply chain attacks, misinformation campaigns, mobile malware and larger scale data breaches are just some of the threats to watch for next year, Check Point Software says.</code><br><br><a href="https://www.techrepublic.com/article/9-key-security-threats-that-organizations-will-face-in-2022/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31233">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 13:42:51">
13:42
       </div>

       <div class="text">
<strong>🦿 Phishing attack exploits Craigslist and Microsoft OneDrive 🦿</strong><br><br><code>A phishing campaign took advantage of the mail relay function on Craigslist, which allows attackers to remain anonymous, Inky says.</code><br><br><a href="https://www.techrepublic.com/article/phishing-attack-exploits-craigslist-and-microsoft-onedrive/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31234">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 14:14:17">
14:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Attackers Hijack Craigslist Emails to Deliver Malware ❌</strong><br><br><code>Fake Craigslist emails that abuse Microsoft OneDrive warn users that their ads contain ‘inappropriate content.”</code><br><br><a href="https://threatpost.com/attackers-hijack-craigslist-email-malware/175754/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31235">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 14:14:19">
14:14
       </div>

       <div class="text">
<strong>⚠ Listen up 4 – CYBERSECURITY FIRST! Purple teaming – learning to think like your adversaries ⚠</strong><br><br><code>Michelle Farenci knows her stuff, because she&apos;s a cybersecurity practitioner inside a cybersecurity company! Learn why thinking like an attacker makes you a better defender.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/25/listen-up-4-cybersecurity-first-purple-teaming-learning-to-think-like-your-adversaries/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31236">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 14:14:20">
14:14
       </div>

       <div class="text">
<strong>⚠ Cybersecurity Awareness Month: Listen up – CYBER­SECURITY FIRST! ⚠</strong><br><br><code>Fraser Howard of SophosLabs is truly a world expert in fighting malware. Read now, and learn from the best!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/25/becybersmart-2021-week4/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31237">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 14:14:21">
14:14
       </div>

       <div class="text">
<strong>⚠ Banking scam uses Docusign phish to thieve 2FA codes ⚠</strong><br><br><code>This scam is obviously inapplicable to 999 people in every 1000... but there are LOTS of 1-in-1000 people in the world!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/26/banking-scam-uses-docusign-phish-to-thieve-2fa-codes/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31238">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 14:14:22">
14:14
       </div>

       <div class="text">
<strong>⚠ Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks ⚠</strong><br><br><code>Everyone remembers this year&apos;s big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/25/becybersmart-2021-supply-chain-attacks/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31239">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 14:14:23">
14:14
       </div>

       <div class="text">
<strong>⚠ Listen up 3 – CYBERSECURITY FIRST! Cyberinsurance, help or hindrance? ⚠</strong><br><br><code>Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, takes on the controversial topic of cyberinsurance.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/25/becybersmart-2021-cyberinsurance/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31240">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 15:04:02">
15:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ FBI Raids Chinese Point-of-Sale Giant PAX Technology ♟️</strong><br><br><code>U.S. federal investigators today raided the U.S. offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX&apos;s systems may have been involved in cyberattacks on U.S. and E.U. organizations.</code><br><br><a href="https://krebsonsecurity.com/2021/10/fbi-raids-chinese-point-of-sale-giant-pax-technology/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31241">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 15:15:02">
15:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-35499 ‼</strong><br><br><code>The Web Reporting component of TIBCO Software Inc.&apos;s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim&apos;s local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.&apos;s TIBCO Nimbus: versions 10.4.0 and below.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35499">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31242">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 15:32:30">
15:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 DoJ &amp; Europol Arrest 150 in Disruption of DarkNet Drug Operation 🕴</strong><br><br><code>Operation Dark HunTor targeted opioid traffickers on the DarkNet, leading to the seizure of weapons, drugs, and $31 million.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/doj-europol-arrest-150-in-disruption-of-darknet-drug-operation">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31243">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 15:32:31">
15:32
       </div>

       <div class="text">
<strong>🕴 Are Baby Boomers More Vulnerable Online Than Younger Generations? You Might Be Surprised 🕴</strong><br><br><code>Growing up with computers and the Internet doesn&apos;t necessarily convey all the advantages often attributed to younger users.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/are-baby-boomers-more-vulnerable-online-than-younger-generations-you-might-be-surprised">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31244">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 15:36:15">
15:36
       </div>

       <div class="text">
<strong>❌ Why the Next-Generation of Application Security Is Needed ❌</strong><br><br><code>New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here.</code><br><br><a href="https://threatpost.com/next-generation-application-security/175765/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31245">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 15:42:53">
15:42
       </div>

       <div class="text">
<strong>🦿 You definitely don&apos;t want to play: Squid Game-themed malware is here 🦿</strong><br><br><code>The stakes may not be as high as in the hit Netflix show, but you could still lose your data or identity if you fail to follow the rules for dodging the latest brand of pop-culture-themed scams.</code><br><br><a href="https://www.techrepublic.com/article/you-definitely-dont-want-to-play-squid-game-themed-malware-is-here/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31246">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 17:06:18">
17:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Lazarus Attackers Turn to the IT Supply Chain ❌</strong><br><br><code>Kaspersky researchers saw The North Korean state APT use a new variant of the BlindingCan RAT to breach a Latvian IT vendor and then a South Korean think tank.</code><br><br><a href="https://threatpost.com/lazarus-apt-it-supply-chain/175772/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31247">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 18:02:46">
18:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cybersecurity Talent Gap Narrows as Workforce Grows 🕴</strong><br><br><code>Job satisfaction and salaries have both increased for cybersecurity professionals, as younger workers seek specific training to prepare for a cybersecurity career.</code><br><br><a href="https://www.darkreading.com/careers-and-people/cybersecurity-talent-gap-narrows-as-workforce-grows">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31248">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 18:32:47">
18:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 CISA Announces Appointment of Washington Secretary of State Kim Wyman as Senior Election Security Lead 🕴</strong><br><br><code>As an expert on elections, her appointment speaks to the Agency’s dedication to working with election officials throughout the nation in a non-partisan manner to ensure the security and resilience of our election infrastructure.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/cisa-announces-appointment-of-washington-secretary-of-state-kim-wyman-as-senior-election-security-lead">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31249">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 18:32:48">
18:32
       </div>

       <div class="text">
<strong>🕴 Gas Stations in Iran Downed by Cyberattack 🕴</strong><br><br><code>Unknown attackers hijacked gasoline pump machines and defaced them with a message that reportedly included a phone number for Supreme Leader Ayatollah Ali Khamenei&apos;s office.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/gas-stations-in-iran-downed-by-cyberattack-reports">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31250">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 18:32:49">
18:32
       </div>

       <div class="text">
<strong>🕴 IBM Announces Advances and New Collaborations in AI-Powered Automation, 5G Connectivity and Security at Mobile World Congress Los Angeles 🕴</strong><br><br><code>IBM collaborates with Boston Dynamics, Cisco, Palo Alto Networks and Turnium Technology Group to help equip businesses in next phase of digital transformation.</code><br><br><a href="https://www.darkreading.com/mobile/ibm-announces-advances-and-new-collaborations-in-ai-powered-automation-5g-connectivity-and-security-at-mobile-world-congress-los-angeles">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31251">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 18:32:51">
18:32
       </div>

       <div class="text">
<strong>🕴 Ready to Play? Squid Game Becomes an Attractive Lure to Spread Cyberthreats 🕴</strong><br><br><code>Following demand from viewers, cybercriminals are not shy in taking advantage of fans’ eagerness to watch the show, with well-known fraud schemes hitting the web.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/ready-to-play-squid-game-becomes-an-attractive-lure-to-spread-cyberthreats">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31252">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 18:36:22">
18:36
       </div>

       <div class="text">
<strong>❌ Public Clouds &amp; Shared Responsibility: Lessons from Vulnerability Disclosure ❌</strong><br><br><code>Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there&apos;s no guarantee that Azure or AWS are delivering services in a hardened and secure manner.</code><br><br><a href="https://threatpost.com/public-clouds-shared-responsibility-vulnerability/175778/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31253">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 19:15:18">
19:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2019-3556 ‼</strong><br><br><code>HHVM supports the use of an &quot;admin&quot; server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3556">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31254">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 19:32:50">
19:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 North Korea&apos;s Lazarus Group Turns to Supply Chain Attacks 🕴</strong><br><br><code>State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/north-korea-s-lazarus-group-turns-to-supply-chain-attacks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31255">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 19:36:22">
19:36
       </div>

       <div class="text">
<strong>❌ SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike ❌</strong><br><br><code>Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.</code><br><br><a href="https://threatpost.com/squirrelwaffle-loader-malspams-packing-qakbot-cobalt-strike/175775/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31256">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 20:32:58">
20:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Free Tool Helps Security Teams Measure Their API Attack Surface 🕴</strong><br><br><code>Data Theorem&apos;s free API Attack Surface Calculator helps security teams understand potential API exposures.</code><br><br><a href="https://www.darkreading.com/dr-tech/free-tool-helps-security-teams-measure-their-api-attack-surface">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31257">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 21:15:19">
21:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-23877 ‼</strong><br><br><code>Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23877">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31258">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 21:15:20">
21:15
       </div>

       <div class="text">
<strong>‼ CVE-2020-22864 ‼</strong><br><br><code>A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22864">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31259">

      <div class="body">

       <div class="pull_right date details" title="26.10.2021 21:15:21">
21:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-41866 ‼</strong><br><br><code>MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP&apos;s theme management is not escaped properly.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41866">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-934">

      <div class="body details">
27 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message31260">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 10:32:08">
10:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cyber Attack Cripples Iranian Fuel Distribution Network ❌</strong><br><br><code>The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens.</code><br><br><a href="https://threatpost.com/cyber-attack-cripples-iranian-fuel-distribution-network/175794/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31261">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 10:47:04">
10:47
       </div>

       <div class="text">
<strong>🗓️ Attack the block – How a security researcher cracked 70% of urban WiFi networks in one hit 🗓️</strong><br><br><code>A new attack takes advantage of weak WiFi passwords</code><br><br><a href="https://portswigger.net/daily-swig/attack-the-block-how-a-security-researcher-cracked-70-of-urban-wifi-networks-in-one-hit">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31262">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 11:04:01">
11:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Identity-Focused Security Controls Prevail 🕴</strong><br><br><code>How identity and access management strategies held up during the pandemic and tips for putting together an identity security road map.</code><br><br><a href="https://www.darkreading.com/operations/identity-focused-security-controls-prevail">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31263">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 11:04:02">
11:04
       </div>

       <div class="text">
<strong>🕴 Annual Cyber Risk Survey Finds Businesses Are Sharpening Their Focus on Cybersecurity but Also Reveals Much Room for Improvement in Building Cyber-Resilience 🕴</strong><br><br><code>This year&apos;s survey features the highest percentage of cyber insurance buyers since the beginning of the survey 11 years ago.</code><br><br><a href="https://www.darkreading.com/risk/annual-cyber-risk-survey-finds-businesses-are-sharpening-their-focus-on-cybersecurity-but-also-reveals-much-room-for-improvement-in-building-cyber-resilience">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31264">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 11:04:03">
11:04
       </div>

       <div class="text">
<strong>🕴 Cynerio Launches IoT Attack Detection and Response Module for Healthcare IoT Devices 🕴</strong><br><br><code>Module helps hospitals identify, contain, and mitigate threats on devices exhibiting malicious or suspicious behavior.</code><br><br><a href="https://www.darkreading.com/iot/cynerio-launches-iot-attack-detection-and-response-module-for-healthcare-iot-devices">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31265">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 11:04:04">
11:04
       </div>

       <div class="text">
<strong>🕴 Onfido Acquires EYN to Provide Acoustic-Based Liveness Detection 🕴</strong><br><br><code>Technology will be incorporated into Onfido’s Real Identity Platform.</code><br><br><a href="https://www.darkreading.com/authentication/onfido-acquires-eyn-to-provide-acoustic-based-liveness-detection">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31266">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 11:04:05">
11:04
       </div>

       <div class="text">
<strong>🕴 Cyber Readiness Institute Names Karen S. Evans as New Managing Director 🕴</strong><br><br><code>Former assistant secretary for cybersecurity, energy security, and emergency response at US Department of Energy and Homeland Security CIO to lead strategic vision and day-to-day operations.</code><br><br><a href="https://www.darkreading.com/operations/cyber-readiness-institute-names-karen-s-evans-as-new-managing-director">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31267">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 11:04:07">
11:04
       </div>

       <div class="text">
<strong>🕴 Avast Business Introduces Network Discovery for SMBs 🕴</strong><br><br><code>Avast&apos;s Network Discovery enables network administrators to easily analyze their entire IT network and deploy Avast Business security services.</code><br><br><a href="https://www.darkreading.com/perimeter/avast-business-introduces-network-discovery-for-smbs">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31268">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 11:04:08">
11:04
       </div>

       <div class="text">
<strong>🕴 ThycoticCentrify Integrates Secret Server With Privileged Access Management Platform 🕴</strong><br><br><code>Combination avails Secret Server customers to a range of SaaS services.</code><br><br><a href="https://www.darkreading.com/endpoint/thycoticcentrify-integrates-secret-server-with-privileged-access-management-platform">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31269">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 11:15:58">
11:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-41872 ‼</strong><br><br><code>Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41872">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31270">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 11:47:07">
11:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Data breach at Colorado university impacts 30,000 students 🗓️</strong><br><br><code>Atlassian vulnerability believed to be attack vector</code><br><br><a href="https://portswigger.net/daily-swig/data-breach-at-colorado-university-impacts-30-000-students">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31271">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 12:43:27">
12:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Microsoft warns of new supply chain attacks by Russian-backed Nobelium group 🦿</strong><br><br><code>The cybercrime group behind the SolarWinds hack remains focused on the global IT supply chain, says Microsoft, with 140 resellers and service providers targeted since May.</code><br><br><a href="https://www.techrepublic.com/article/microsoft-warns-of-new-supply-chain-attacks-by-russian-backed-nobelium-group/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31272">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 12:47:09">
12:47
       </div>

       <div class="text">
<strong>🗓️ ‘Professional cybercriminals’ blamed for DDoS attacks against UK telecoms providers 🗓️</strong><br><br><code>Packet in, says industry group</code><br><br><a href="https://portswigger.net/daily-swig/professional-cybercriminals-blamed-for-ddos-attacks-against-uk-telecoms-providers">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31273">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 13:16:05">
13:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41590 ‼</strong><br><br><code>In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify the listening TCP ports available to the server, revealing information about the internal network environment.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41590">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31274">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 13:16:06">
13:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-38379 ‼</strong><br><br><code>The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38379">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31275">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 13:16:07">
13:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-22101 ‼</strong><br><br><code>Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous SQL query.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22101">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31276">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 13:16:09">
13:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-36756 ‼</strong><br><br><code>CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36756">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31277">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 13:16:11">
13:16
       </div>

       <div class="text">
<strong>‼ CVE-2020-24932 ‼</strong><br><br><code>An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24932">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31278">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 13:16:12">
13:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-41589 ‼</strong><br><br><code>In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymous write access to the build cache. If access control to the build cache is not changed from the default open configuration, a malicious actor with network access can populate the cache with manipulated entries that may execute malicious code as part of a build process. This applies to the build cache provided with Gradle Enterprise and the separate build cache node service if used. If access control to the user interface is not changed from the default open configuration, a malicious actor can undo build cache access control in order to populate the cache with manipulated entries that may execute malicious code as part of a build process. This does not apply to the build cache provided with Gradle Enterprise, but does apply to the separate build cache node service if used.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41589">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31279">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 13:16:13">
13:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-41619 ‼</strong><br><br><code>An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface (available to administrators) allows specifying arbitrary Java Virtual Machine startup options. Some of these options, such as -XX:OnOutOfMemoryError, allow specifying a command to be run on the host. This can be abused to run arbitrary commands on the host, should an attacker gain administrative access to the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41619">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31280">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 13:16:15">
13:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-37221 ‼</strong><br><br><code>A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option &amp; customer create option, which could let a remote malicious user upload an arbitrary php file. .</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37221">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31281">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 13:32:14">
13:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Apple Patches Critical iOS Bugs; One Under Attack ❌</strong><br><br><code>Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks.</code><br><br><a href="https://threatpost.com/apple-patches-ios-bugs/175803/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31282">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 13:35:14">
13:35
       </div>

       <div class="text">
<strong>🕴 Cybercriminals Ramp Up Attacks on Web APIs 🕴</strong><br><br><code>As more organizations use application programming interfaces for Web applications, attacks and security incidents targeting APIs continue to grow.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/cybercriminals-ramp-up-attacks-on-web-apis">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31283">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 13:48:12">
13:48
       </div>

       <div class="text">
<strong>🛠 Zeek 4.1.1 🛠</strong><br><br><code>Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek&apos;s user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.</code><br><br><a href="https://packetstormsecurity.com/files/164667/zeek-4.1.1.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31284">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 14:02:13">
14:02
       </div>

       <div class="text">
<strong>❌ War-Driving Technique Allows Wi-Fi Password-Cracking at Scale ❌</strong><br><br><code>A researcher was able to crack 70 percent of the gathered hashes in an experiment in a residential neighborhood.</code><br><br><a href="https://threatpost.com/war-driving-wi-fi-password-cracking/175817/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31285">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 14:05:13">
14:05
       </div>

       <div class="text">
<strong>🕴 6 Eye-Opening Statistics About Software Supply Chain Security 🕴</strong><br><br><code>The latest facts and figures on the state of software supply chain security in the enterprise.</code><br><br><a href="https://www.darkreading.com/application-security/6-eye-opening-statistics-about-software-supply-chain-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31286">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 15:04:16">
15:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Kaspersky Buys Brain4Net to Build SASE &amp; XDR Tools 🕴</strong><br><br><code>Brain4Net builds tools to help enterprises and service providers add SD-WAN and NFV technologies to their existing infrastructure.</code><br><br><a href="https://www.darkreading.com/cloud/kaspersky-buys-brain4net-to-build-sase-xdr-tools">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31287">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 15:16:12">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-37807 ‼</strong><br><br><code>An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user&apos;s email is already exist within the database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37807">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31288">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 15:16:14">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-37803 ‼</strong><br><br><code>An SQL Injection vulnerability exists in Sourcecodester Online Covid Vaccination Scheduler System 1.0 via the username in lognin.php .</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37803">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31289">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 15:16:16">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-37808 ‼</strong><br><br><code>SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37808">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31290">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 15:16:18">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-20526 ‼</strong><br><br><code>IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20526">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31291">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 15:16:20">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-29774 ‼</strong><br><br><code>IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29774">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31292">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 15:16:23">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-29786 ‼</strong><br><br><code>IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29786">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31293">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 15:16:24">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-29844 ‼</strong><br><br><code>IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29844">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31294">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 15:16:25">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-29673 ‼</strong><br><br><code>IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29673">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31295">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 15:16:27">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-29868 ‼</strong><br><br><code>IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29868">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31296">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 15:16:28">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-29713 ‼</strong><br><br><code>IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29713">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31297">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 15:16:30">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-37805 ‼</strong><br><br><code>A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37805">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31298">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 15:16:31">
15:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-37806 ‼</strong><br><br><code>An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function payload that will sleep for a number of seconds used on the (1) editid , (2) viewid, and (3) catename parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37806">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31299">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 16:13:36">
16:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Develop the skills required for an in-demand cybersecurity career 🦿</strong><br><br><code>It&apos;s not necessary to spend a great deal of time or money to learn the skills required to work in some of the most exciting and highly paid positions in the tech industry.</code><br><br><a href="https://www.techrepublic.com/article/develop-the-skills-required-for-an-in-demand-cybersecurity-career/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31300">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 16:32:20">
16:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Adobe’s Surprise Security Bulletin Dominated by Critical Patches ❌</strong><br><br><code>Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. The most severe can lead to information disclosure.</code><br><br><a href="https://threatpost.com/critical-patches-adobe-security-bulletin/175825/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31301">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 16:35:20">
16:35
       </div>

       <div class="text">
<strong>🕴 Read Between the Lines: Finding Flaws in EPUB Reading Systems 🕴</strong><br><br><code>Security researchers who analyzed 97 free EPUB reading applications found half are not compliant with security recommendations.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/read-between-the-lines-finding-flaws-in-epub-reading-systems">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31302">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 16:35:21">
16:35
       </div>

       <div class="text">
<strong>🔏 iOS 14 Update Fixes Memory Corruption Zero Day 🔏</strong><br><br><code>Apple fixed CVE-2021-30883, a iOS zero day weeks ago in iOS 15. Now a patch has arrived for those still running iOS 14.</code><br><br><a href="https://digitalguardian.com/blog/ios-14-update-fixes-memory-corruption-zero-day">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31303">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:17">
17:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-34756 ‼</strong><br><br><code>Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34756">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31304">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:19">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-40117 ‼</strong><br><br><code>A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incoming SSL/TLS packets are not properly processed. An attacker could exploit this vulnerability by sending a crafted SSL/TLS packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40117">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31305">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:20">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-40125 ‼</strong><br><br><code>A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. This vulnerability is due to improper control of a resource. An attacker with the ability to spoof a trusted IKEv2 site-to-site VPN peer and in possession of valid IKEv2 credentials for that peer could exploit this vulnerability by sending malformed, authenticated IKEv2 messages to an affected device. A successful exploit could allow the attacker to trigger a reload of the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40125">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31306">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:22">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-34764 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34764">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31307">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:23">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-34787 ‼</strong><br><br><code>A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices configured to use object group search. An attacker could exploit this vulnerability by sending a specially crafted network request to an affected device. A successful exploit could allow the attacker to bypass access control list (ACL) rules on the device, bypass security protections, and send network traffic to unauthorized hosts.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34787">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31308">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:24">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-34790 ‼</strong><br><br><code>Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34790">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31309">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:25">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-34763 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34763">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31310">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:27">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-34793 ‼</strong><br><br><code>A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in transparent mode could allow an unauthenticated, remote attacker to poison MAC address tables, resulting in a denial of service (DoS) vulnerability. This vulnerability is due to incorrect handling of certain TCP segments when the affected device is operating in transparent mode. An attacker could exploit this vulnerability by sending a crafted TCP segment through an affected device. A successful exploit could allow the attacker to poison the MAC address tables in adjacent devices, resulting in network disruption.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34793">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31311">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:29">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-34762 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34762">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31312">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:30">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-34792 ‼</strong><br><br><code>A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management when connection rates are high. An attacker could exploit this vulnerability by opening a significant number of connections on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34792">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31313">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:31">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-34781 ‼</strong><br><br><code>A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to a lack of proper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, which causes a DoS condition on the affected device. The device must be manually reloaded to recover.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34781">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31314">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:32">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-40116 ‼</strong><br><br><code>Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40116">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31315">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:34">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-34755 ‼</strong><br><br><code>Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34755">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31316">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:36">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-34761 ‼</strong><br><br><code>A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The attacker must have administrative credentials on the device. This vulnerability is due to incomplete validation of user input for a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device with administrative privileges and issuing a CLI command with crafted user parameters. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34761">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31317">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:36">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-40114 ‼</strong><br><br><code>Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP packets. An attacker could exploit this vulnerability by sending a series of ICMP packets through an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device, causing the device to reload.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40114">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31318">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:37">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-40118 ‼</strong><br><br><code>Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. These vulnerabilities are due to improper input validation when parsing HTTPS requests. An attacker could exploit these vulnerabilities by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40118">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31319">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:39">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-34783 ‼</strong><br><br><code>A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34783">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31320">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:41">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-3900 ‼</strong><br><br><code>firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3900">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31321">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:41">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-34794 ‼</strong><br><br><code>A vulnerability in the Simple Network Management Protocol version 3 (SNMPv3) access control functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due to ineffective access control. An attacker could exploit this vulnerability by sending an SNMPv3 query to an affected device from a host that is not permitted by the SNMPv3 access control list. A successful exploit could allow the attacker to send an SNMP query to an affected device and retrieve information from the device. The attacker would need valid credentials to perform the SNMP query.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34794">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31322">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:16:43">
17:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-34791 ‼</strong><br><br><code>Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34791">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31323">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:32:20">
17:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam ❌</strong><br><br><code>The kid was busted after abusing Google Ads to lure users to his fake gift card site. </code><br><br><a href="https://threatpost.com/teen-rakes-in-2-74m-worth-of-bitcoin-in-phishing-scam/175834/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31324">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 17:32:22">
17:32
       </div>

       <div class="text">
<strong>❌ Ransomware Attacks Are Evolving. Your Security Strategy Should, Too ❌</strong><br><br><code>Defending against ransomware will take a move to zero-trust, argues Daniel Spicer, CSO, Ivanti.</code><br><br><a href="https://threatpost.com/ransomware-attacks-evolving-security-strategy/175835/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31325">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 18:04:24">
18:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 QR Codes Help Attackers Sneak Emails Past Security Controls 🕴</strong><br><br><code>A recently discovered campaign shows how attackers are constantly developing new techniques to deceive phishing victims.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/qr-codes-help-attackers-sneak-emails-past-security-controls">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31326">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 19:02:30">
19:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ WordPress Plugin Bug Lets Subscribers Wipe Sites ❌</strong><br><br><code>The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable site, deleting nearly all database content and uploaded media.</code><br><br><a href="https://threatpost.com/wordpress-plugin-bug-wipe-sites/175826/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31327">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 19:05:26">
19:05
       </div>

       <div class="text">
<strong>🕴 Defenders Worry Orgs Are More Vulnerable Than Last Year 🕴</strong><br><br><code>Most IT and security leaders are confident their cybersecurity strategy is on the right track, but they still believe their organizations are as vulnerable as they were a year ago.</code><br><br><a href="https://www.darkreading.com/edge-threat-monitor/defenders-worry-orgs-are-more-vulnerable-than-last-year">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31328">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 19:16:22">
19:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-25219 ‼</strong><br><br><code>In BIND 9.3.0 -&gt; 9.11.35, 9.12.0 -&gt; 9.16.21, and versions 9.9.3-S1 -&gt; 9.11.35-S1 and 9.16.8-S1 -&gt; 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -&gt; 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25219">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31329">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 19:16:23">
19:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-1117 ‼</strong><br><br><code>Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input validation, which may lead to denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1117">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31330">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 19:16:24">
19:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-3901 ‼</strong><br><br><code>firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3901">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31331">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 19:16:26">
19:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-1115 ‼</strong><br><br><code>NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a NULL pointer dereference, which may lead to denial of service in a component beyond the vulnerable component.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1115">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31332">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 19:16:27">
19:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-41191 ‼</strong><br><br><code>Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone&apos;s API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add `@require_apikey` in `BOT/lib/cogs/website.py` under the route for `/v1/products`.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41191">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31333">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 19:16:28">
19:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-1116 ‼</strong><br><br><code>NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1116">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31334">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 19:16:29">
19:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-3903 ‼</strong><br><br><code>vim is vulnerable to Heap-based Buffer Overflow</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3903">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31335">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 19:16:30">
19:16
       </div>

       <div class="text">
<strong>‼ CVE-2020-21250 ‼</strong><br><br><code>CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21250">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31336">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 19:45:08">
19:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Apple ships Monterey with security updates, fixes 0-day in Watch and TV products, updates iDevices ⚠</strong><br><br><code>A slew of security bulletins from Apple HQ, including 37 bugs listed as fixed in the initial public release of macOS Monterey.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/27/apple-ships-monterey-with-security-updates-fixes-0-day-in-watch-and-tv-products-updates-idevices/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31337">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 21:04:34">
21:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 HelpSystems Acquires Digital Guardian, Extends DLP Capabilities 🕴</strong><br><br><code>The acquisition strengthens HelpSystems’ data security portfolio with data loss prevention capabilities across the endpoint, network, and cloud.</code><br><br><a href="https://www.darkreading.com/cloud/helpsystems-acquires-digital-guardian-extends-dlp-capabilities">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31338">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 21:16:25">
21:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-3906 ‼</strong><br><br><code>bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3906">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31339">

      <div class="body">

       <div class="pull_right date details" title="27.10.2021 21:16:26">
21:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-3904 ‼</strong><br><br><code>grav is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3904">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-935">

      <div class="body details">
28 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message31340">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 09:17:01">
09:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2019-19810 ‼</strong><br><br><code>Zoom Call Recording 6.3.1 from ZOOM International is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19810">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31341">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 09:32:55">
09:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Grief Ransomware Targets NRA ❌</strong><br><br><code>Grief, a ransomware group with ties to Russia-based Evil Corp, claims to have stolen data from the gun-rights group and has posted files on its dark web site. </code><br><br><a href="https://threatpost.com/grief-ransomware-nra/175850/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31342">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 10:15:31">
10:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish [Podcast] ⚠</strong><br><br><code>Latest episode - listen now! Serious security explained with personality in plain English.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/28/s3-ep56-cryptotrading-rodent-ransomware-hackback-and-a-docusign-phish-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31343">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:06:17">
11:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 You&apos;ve Just Been Ransomed ... Now What? 🕴</strong><br><br><code>Six crucial steps executives and IT teams should be prepared to take immediately after a ransomware attack.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/you-ve-just-been-ransomed---now-what-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31344">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:08">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22475 ‼</strong><br><br><code>There is an Improper permission management vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22475">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31345">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:10">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22454 ‼</strong><br><br><code>A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22454">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31346">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:12">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-36990 ‼</strong><br><br><code>There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36990">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31347">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:14">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22462 ‼</strong><br><br><code>A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause kernel crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22462">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31348">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:15">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22486 ‼</strong><br><br><code>There is a issue of Unstandardized field names in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22486">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31349">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:16">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22458 ‼</strong><br><br><code>A component of the HarmonyOS has a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Local attackers may exploit this vulnerability to cause arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22458">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31350">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:17">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22470 ‼</strong><br><br><code>A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit this vulnerability to expand the Recording Trusted Domain.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22470">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31351">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:18">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22403 ‼</strong><br><br><code>There is a vulnerability of hijacking unverified providers in Huawei Smartphone.Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22403">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31352">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:19">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22464 ‼</strong><br><br><code>A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause system Soft Restart.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22464">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31353">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:20">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22278 ‼</strong><br><br><code>A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22278">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31354">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:22">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22474 ‼</strong><br><br><code>There is an Out-of-bounds memory access in Huawei Smartphone.Successful exploitation of this vulnerability may cause process exceptions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22474">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31355">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:23">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22488 ‼</strong><br><br><code>There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22488">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31356">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:24">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22481 ‼</strong><br><br><code>There is a Verification errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22481">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31357">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:24">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-36988 ‼</strong><br><br><code>There is a Parameter verification issue in Huawei Smartphone.Successful exploitation of this vulnerability can affect service integrity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36988">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31358">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:26">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22485 ‼</strong><br><br><code>There is a SSID vulnerability with Wi-Fi network connections in Huawei devices.Successful exploitation of this vulnerability may affect service confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22485">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31359">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:28">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22490 ‼</strong><br><br><code>There is a Permission verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect the device performance.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22490">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31360">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:29">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22472 ‼</strong><br><br><code>There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22472">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31361">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:30">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22471 ‼</strong><br><br><code>A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22471">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31362">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:31">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-36987 ‼</strong><br><br><code>There is a issue that nodes in the linked list being freed for multiple times in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause the system to restart.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36987">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31363">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:17:32">
11:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22473 ‼</strong><br><br><code>There is an Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22473">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31364">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:11">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22450 ‼</strong><br><br><code>A component of the HarmonyOS has a Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22450">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31365">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:12">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22466 ‼</strong><br><br><code>A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22466">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31366">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:14">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37748 ‼</strong><br><br><code>Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37748">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31367">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:15">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22436 ‼</strong><br><br><code>There is a Logic Bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service integrity and availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22436">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31368">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:16">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37002 ‼</strong><br><br><code>There is a Memory out-of-bounds access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause malicious code to be executed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37002">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31369">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:17">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22404 ‼</strong><br><br><code>There is a Directory traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22404">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31370">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:18">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22401 ‼</strong><br><br><code>There is a Remote DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability can affect service integrity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22401">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31371">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:19">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36995 ‼</strong><br><br><code>There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36995">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31372">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:20">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22456 ‼</strong><br><br><code>A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22456">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31373">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:21">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22457 ‼</strong><br><br><code>A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause out-of-bounds write.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22457">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31374">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:25">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22455 ‼</strong><br><br><code>A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause the memory which is not released.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22455">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31375">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:26">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22487 ‼</strong><br><br><code>There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22487">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31376">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:27">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22459 ‼</strong><br><br><code>A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause System functions which are unavailable.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22459">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31377">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:28">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22407 ‼</strong><br><br><code>There is a Configuration defects in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22407">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31378">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:29">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22405 ‼</strong><br><br><code>There is a Configuration defects in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22405">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31379">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:33">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22452 ‼</strong><br><br><code>A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22452">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31380">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:34">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36991 ‼</strong><br><br><code>There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input.Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36991">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31381">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:35">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22402 ‼</strong><br><br><code>There is a DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause DoS attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22402">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31382">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:36">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22451 ‼</strong><br><br><code>A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22451">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31383">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:23:37">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22406 ‼</strong><br><br><code>There is an Uncaught Exception vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22406">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31384">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 11:47:37">
11:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Critical flaw in GoCD provides platform for supply chain attacks 🗓️</strong><br><br><code>Vulnerability in software used by Fortune 500 firms raises fears of SolarWinds-like impact</code><br><br><a href="https://portswigger.net/daily-swig/critical-flaw-in-gocd-provides-platform-for-supply-chain-attacks">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31385">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 12:14:15">
12:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to prepare your team to address a significant security issue 🦿</strong><br><br><code>As you work to resolve a security issue, technical knowledge is necessary—and a team with a broad base of expertise is invaluable.</code><br><br><a href="https://www.techrepublic.com/article/how-to-prepare-your-team-to-address-a-significant-security-issue/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31386">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 12:17:36">
12:17
       </div>

       <div class="text">
<strong>🗓️ WordPress plugin vulnerability opened up one million sites to remote takeover 🗓️</strong><br><br><code>Gaping OptinMonster security hole patched</code><br><br><a href="https://portswigger.net/daily-swig/wordpress-plugin-vulnerability-opened-up-one-million-sites-to-remote-takeover">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31387">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 12:49:05">
12:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 TOR Virtual Network Tunneling Tool 0.4.6.8</strong> <strong>🛠</strong><br><br><code>Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.</code><br><br><a href="https://packetstormsecurity.com/files/164700/tor-0.4.6.8.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31388">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 13:03:55">
13:03
       </div>

       <div class="text">
<strong>❌ EU’s Green Pass Vaccination ID Private Key Leaked ❌</strong><br><br><code>The private key used to sign the vaccine passports was leaked and is being passed around to create fake passes for the likes of Mickey Mouse and Adolf Hitler.</code><br><br><a href="https://threatpost.com/eus-green-pass-vaccination-id-private-key-leaked/175857/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31389">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 13:17:36">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-3823 ‼</strong><br><br><code>Improper Limitation of a Pathname to a Restricted Directory (&apos;Path Traversal&apos;) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3823">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31390">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 13:17:37">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-22312 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability was discovered in the OJ/admin-tool /cal_scores.php function of HZNUOJ v1.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22312">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31391">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 13:17:38">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2018-1105 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1105">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31392">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 13:17:39">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-3576 ‼</strong><br><br><code>Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to &apos;NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client&apos;s security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3576">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31393">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 13:17:40">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-37254 ‼</strong><br><br><code>In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37254">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31394">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 13:17:42">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-41728 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 CMS 1.0 via the search function in articles.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41728">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31395">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 13:17:43">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-3579 ‼</strong><br><br><code>Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3579">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31396">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 13:17:44">
13:17
       </div>

       <div class="text">
<strong>‼ CVE-2018-14640 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14640">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31397">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 14:06:14">
14:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 3 Security Lessons Learned From the Kaseya Ransomware Attack 🕴</strong><br><br><code>Organizations can better prepare themselves and their customers for these attacks with some strategies to identify threats before they become a widespread issue.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/3-security-lessons-learned-from-the-kaseya-ransomware-attack">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31398">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 15:17:21">
15:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-22097 ‼</strong><br><br><code>In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22097">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31399">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 15:17:22">
15:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22044 ‼</strong><br><br><code>In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22044">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31400">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 15:17:23">
15:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22047 ‼</strong><br><br><code>In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that can potentially be exposed for unauthorized access depending on the Spring Security configuration.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22047">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31401">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 15:17:24">
15:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22096 ‼</strong><br><br><code>In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22096">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31402">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 15:17:26">
15:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-7875 ‼</strong><br><br><code>DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7875">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31403">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 15:17:27">
15:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-3745 ‼</strong><br><br><code>flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3745">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31404">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 16:35:59">
16:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 What is Phishing? Common Attacks &amp; How to Avoid Them 🔏</strong><br><br><code>The goal of nearly every phishing attempt is to steal information but attacks can come in different forms. In today&apos;s blog, we break down common phishing types, tactics and 50 examples of phishing attacks.</code><br><br><a href="https://digitalguardian.com/blog/what-phishing-common-attacks-how-avoid-them">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31405">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 16:36:00">
16:36
       </div>

       <div class="text">
<strong>🕴 US to Create Diplomatic Bureau to Lead Cybersecurity Policy 🕴</strong><br><br><code>As part of its modernization initiative, the Department of State will increase its IT budget by 50% and add a new bureau to lead cybersecurity and digital policy.</code><br><br><a href="https://www.darkreading.com/risk/us-to-create-diplomatic-bureau-to-lead-cybersecurity-policy">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31406">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 16:36:01">
16:36
       </div>

       <div class="text">
<strong>🕴 Stop Zero-Day Ransomware Cold With AI 🕴</strong><br><br><code>AI can help recognize ransomware attacks and stop them at computer speed.</code><br><br><a href="https://www.darkreading.com/emerging-tech/stop-zero-day-ransomware-cold-with-ai">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31407">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:23">
17:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-10005 ‼</strong><br><br><code>A resource exhaustion issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. An attacker in a privileged network position may be able to perform denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10005">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31408">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:25">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-30814 ‼</strong><br><br><code>A memory corruption issue was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30814">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31409">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:26">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-25422 ‼</strong><br><br><code>A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25422">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31410">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:28">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-30840 ‼</strong><br><br><code>This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted dfont file may lead to arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30840">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31411">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:30">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-30808 ‼</strong><br><br><code>This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A malicious application may be able to modify protected parts of the file system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30808">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31412">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:31">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-30834 ‼</strong><br><br><code>A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30834">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31413">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:32">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-30813 ‼</strong><br><br><code>This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked instance of macOS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30813">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31414">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:34">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-30823 ‼</strong><br><br><code>A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30823">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31415">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:35">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-9897 ‼</strong><br><br><code>An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9897">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31416">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:35">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-1821 ‼</strong><br><br><code>A logic issue was addressed with improved state management. This issue is fixed in watchOS 7.6, macOS Big Sur 11.5. Visiting a maliciously crafted webpage may lead to a system denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1821">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31417">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:36">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-30821 ‼</strong><br><br><code>A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30821">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31418">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:38">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-30836 ‼</strong><br><br><code>An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30836">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31419">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:40">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-30824 ‼</strong><br><br><code>A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30824">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31420">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:42">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-30818 ‼</strong><br><br><code>A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30818">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31421">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:44">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2020-29629 ‼</strong><br><br><code>An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to read restricted memory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29629">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31422">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:45">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-30809 ‼</strong><br><br><code>A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30809">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31423">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:46">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-30817 ‼</strong><br><br><code>A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access data about the accounts the user is using Family Sharing with.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30817">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31424">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:48">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-30831 ‼</strong><br><br><code>An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted font may result in the disclosure of process memory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30831">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31425">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:50">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-30816 ‼</strong><br><br><code>The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30816">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31426">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:17:50">
17:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-30833 ‼</strong><br><br><code>This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30833">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31427">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:33:26">
17:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Suspected REvil Gang Insider Identified ❌</strong><br><br><code>German investigators have identified a deep-pocketed, big-spending Russian billionaire whom they suspect of being a core member of the REvil ransomware gang.</code><br><br><a href="https://threatpost.com/revil-ransomware-core-member/175863/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31428">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:36:19">
17:36
       </div>

       <div class="text">
<strong>🕴 NSA-CISA Series on Securing 5G Cloud Infrastructures 🕴</strong><br><br><code>CISA encourages 5G providers, integrators, and network operators to review the guidance and consider the recommendations.</code><br><br>📖 Read<br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31429">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:36:19">
17:36
       </div>

       <div class="text">
<strong>🕴 Tech Companies Create Security Baseline for Enterprise Software 🕴</strong><br><br><code>The Minimum Viable Secure Product is written as a checklist of minimum-security requirements for business-to-business software.</code><br><br><a href="https://www.darkreading.com/application-security/tech-companies-create-security-baseline-for-enterprise-software">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31430">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 17:36:21">
17:36
       </div>

       <div class="text">
<strong>🕴 Ordr Unveils Cybersecurity Innovations and Ransom-Aware Rapid Assessment Service to Expand Its Leadership In Connected Device Security 🕴</strong><br><br><code>Enhanced ransomware detection, visualization of ransomware communications, and risk customization helps organizations respond to cyberattacks in minutes.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/ordr-unveils-cybersecurity-innovations-and-ransom-aware-rapid-assessment-service-to-expand-its-leadership-in-connected-device-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31431">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 18:06:22">
18:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 ICS Security Firm Dragos Reaches $1.7B Valuation in Latest Funding Round 🕴</strong><br><br><code>The $200M Series D represents the company&apos;s largest funding round to date.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/ics-security-firm-dragos-reaches-1-7b-valuation-in-latest-funding-round">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31432">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 18:36:26">
18:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SEO Poisoning Used to Distribute Ransomware 🕴</strong><br><br><code>This tactic — used to distribute REvil ransomware and the SolarMarker backdoor — is part of a broader increase in such attacks in recent months, researchers say.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/seo-poisoning-used-to-distribute-ransomware">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31433">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 19:03:18">
19:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ All Sectors Are Now Prey as Cyber Threats Expand Targeting ❌</strong><br><br><code>Aamir Lakhani, security researcher at Fortinet, says no sector is off limits these days: It&apos;s time for everyone to strengthen the kill chain.</code><br><br><a href="https://threatpost.com/cyber-threats-targeting-all-sectors/175873/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31434">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 19:18:35">
19:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-36547 ‼</strong><br><br><code>A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36547">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31435">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 19:18:36">
19:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-36551 ‼</strong><br><br><code>TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36551">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31436">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 19:18:37">
19:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-36550 ‼</strong><br><br><code>TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36550">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31437">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 19:18:38">
19:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-36548 ‼</strong><br><br><code>A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&amp;action=edit_template&amp;filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36548">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31438">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 19:18:39">
19:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-41194 ‼</strong><br><br><code>FirstUseAuthenticator is a JupyterHub authenticator that helps new users set their password on their first login to JupyterHub. When JupyterHub is used with FirstUseAuthenticator, a vulnerability in versions prior to 1.0.0 allows unauthorized access to any user&apos;s account if `create_users=True` and the username is known or guessed. One may upgrade to version 1.0.0 or apply a patch manually to mitigate the vulnerability. For those who cannot upgrade, there is no complete workaround, but a partial mitigation exists. One can disable user creation with `c.FirstUseAuthenticator.create_users = False`, which will only allow login with fully normalized usernames for already existing users prior to jupyterhub-firstuserauthenticator 1.0.0. If any users have never logged in with their normalized username (i.e. lowercase), they will still be vulnerable until a patch or upgrade occurs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41194">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31439">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 20:15:40">
20:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Microsoft Edge finally arrives on Linux – “Official” build lands in repos ⚠</strong><br><br><code>Microsoft Edge for Linux makes an Official landing.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/29/microsoft-edge-finally-arrives-on-linux-official-build-lands-in-repos/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31440">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 20:36:58">
20:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 6 Ways to Rewrite the Impossible Job Description 🕴</strong><br><br><code>It&apos;s hard enough to fill a cybersecurity position given the talent shortage. But you may be making it harder with a poor job description that turns off would-be candidates.</code><br><br><a href="https://www.darkreading.com/edge-slideshows/6-ways-to-rewrite-the-impossible-job-description">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31441">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 21:22:33">
21:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-23549 ‼</strong><br><br><code>IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a &quot;Data from Faulting Address controls Branch Selection starting at FORMATS!GetPlugInInfo+0x00000000000047f6&quot;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23549">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31442">

      <div class="body">

       <div class="pull_right date details" title="28.10.2021 21:22:34">
21:22
       </div>

       <div class="text">
<strong>‼ CVE-2020-23546 ‼</strong><br><br><code>IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a &quot;Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23546">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-936">

      <div class="body details">
29 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message31443">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 07:48:03">
07:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ ‘Inaction isn’t an option’ – US lawmakers back mandatory standards for transport and logistics cybersecurity 🗓️</strong><br><br><code>House Committee on Homeland Security hearing pulls focus on securing ‘planes, trains, and pipelines’</code><br><br><a href="https://portswigger.net/daily-swig/inaction-isnt-an-option-us-lawmakers-back-mandatory-standards-for-transport-and-logistics-cybersecurity">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31444">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 09:18:07">
09:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-31624 ‼</strong><br><br><code>Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31624">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31445">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 09:18:08">
09:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-22079 ‼</strong><br><br><code>Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22079">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31446">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 09:18:09">
09:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-31862 ‼</strong><br><br><code>SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31862">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31447">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 09:18:11">
09:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-31627 ‼</strong><br><br><code>Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31627">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31448">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 09:48:05">
09:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Google, Salesforce, others team up to launch MVSP security baseline project 🗓️</strong><br><br><code>The collaboration is focused on creating a vendor-neutral security standard</code><br><br><a href="https://portswigger.net/daily-swig/google-salesforce-others-team-up-to-launch-mvsp-security-baseline-project">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31449">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 10:45:53">
10:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Microsoft documents “SHROOTLESS” hack patched in latest Apple updates ⚠</strong><br><br><code>We&apos;d have called this bug &quot;SHROOTMORE&quot;, but naming it wasn&apos;t our call.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/29/microsoft-documents-shrootless-hack-patched-in-latest-apple-updates/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31450">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 10:48:55">
10:48
       </div>

       <div class="text">
<strong>🗓️ Trickbot arrest: Russian national extradited to US for alleged role in developing notorious banking trojan 🗓️</strong><br><br><code>Vladimir Dunaev made his first appearance in federal court this week</code><br><br><a href="https://portswigger.net/daily-swig/trickbot-arrest-russian-national-extradited-to-us-for-alleged-role-in-developing-notorious-banking-trojan">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31451">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 11:07:39">
11:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Finding the Right Approach to Cloud Security Posture Management (CSPM) 🕴</strong><br><br><code>Cloud security is maturing — it has to. New strategies are surfacing to respond to new problems. Dr. Mike Lloyd, RedSeal&apos;s CTO, reviews one of the latest: CSPM.</code><br><br><a href="https://www.darkreading.com/cloud/finding-the-right-approach-to-cloud-security-posture-management-cspm-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31452">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 11:18:09">
11:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-3441 ‼</strong><br><br><code>A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3441">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31453">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 11:18:10">
11:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-3662 ‼</strong><br><br><code>Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3662">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31454">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 11:18:11">
11:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-22037 ‼</strong><br><br><code>Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22037">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31455">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 11:18:13">
11:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-22038 ‼</strong><br><br><code>On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22038">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31456">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 11:37:39">
11:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 A Treehouse of Security Horrors 🕴</strong><br><br><code>True-life horrors from conversations with software engineers and developers. D&apos;oh!</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/a-treehouse-of-security-horrors">📖 Read</a><br><br>via &quot;Dark Reading&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31457">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 12:33:58">
12:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Google Chrome is Abused to Deliver Malware as ‘Legit’ Win 10 App ❌</strong><br><br><code>Malware delivered via a compromised website on Chrome browsers can bypass User Account Controls to infect systems and steal sensitive data, such as credentials and cryptocurrency.</code><br><br><a href="https://threatpost.com/chrome-deliver-malware-as-legit-win-10-app/175884/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31458">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 12:37:42">
12:37
       </div>

       <div class="text">
<strong>🕴 What Exactly Is Secure Access Service Edge (SASE)? 🕴</strong><br><br><code>Any company that supports a hybrid workforce should at least be familiar with this relatively new security approach.</code><br><br><a href="https://www.darkreading.com/edge-ask-the-experts/what-exactly-is-secure-access-service-edge-sase-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31459">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 12:48:09">
12:48
       </div>

       <div class="text">
<strong>🗓️ All Day DevOps 2021: Securing the software supply chain with ephemerality and the least-privilege principle 🗓️</strong><br><br><code>‘The new boundary for systems engineering is how ephemeral can you make any given process with a privilege’</code><br><br><a href="https://portswigger.net/daily-swig/all-day-devops-2021-securing-the-software-supply-chain-with-ephemerality-and-the-least-privilege-principle">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31460">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 13:18:13">
13:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41186 ‼</strong><br><br><code>Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don&apos;t use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41186">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31461">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 13:18:14">
13:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-35237 ‼</strong><br><br><code>A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35237">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31462">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 13:18:16">
13:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-39179 ‼</strong><br><br><code>DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL Injection vulnerability in the Tracker component in DHIS2 Server allows authenticated remote attackers to execute arbitrary SQL commands via unspecified vectors. This vulnerability affects the `/api/trackedEntityInstances` and `/api/trackedEntityInstances/query` API endpoints in all DHIS2 versions 2.34, 2.35, and 2.36. It also affects versions 2.32 and 2.33 which have reached _end of support_ - exceptional security updates have been added to the latest *end of support* builds for these versions. Versions 2.31 and older are unaffected. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. The vulnerability is not exposed to a non-malicious user - the vulnerability requires a conscious attack to be exploited. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance. There are no known exploits of the security vulnerabilities addressed by these patch releases. Security patches are available in DHIS2 versions 2.32-EOS, 2.33-EOS, 2.34.7, 2.35.7, and 2.36.4. There is no straightforward known workaround for DHIS2 instances using the Tracker functionality other than upgrading the affected DHIS2 server to one of the patches in which this vulnerability has been fixed. For implementations which do NOT use Tracker functionality, it may be possible to block all network access to POST to the `/api/trackedEntityInstances`, and `/api/trackedEntityInstances/query` endpoints as a temporary workaround while waiting to upgrade.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39179">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31463">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 13:21:17">
13:21
       </div>

       <div class="text">
<strong>🛠 GRAudit Grep Auditing Tool 3.2 🛠</strong><br><br><code>Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It&apos;s comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.</code><br><br><a href="https://packetstormsecurity.com/files/164708/graudit-3.2.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31464">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 14:37:52">
14:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cybercriminals Take Aim at Connected Car Infrastructure 🕴</strong><br><br><code>While car makers are paying more attention to cybersecurity, the evolution of automobiles into &quot;software platforms on wheels&quot; and the quick adoption of new features has put connected cars in the crosshairs.</code><br><br><a href="https://www.darkreading.com/iot/cybercriminals-take-aim-at-connected-car-infrastructure">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31465">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 14:48:46">
14:48
       </div>

       <div class="text">
<strong>🔏 Friday Five 10/29 🔏</strong><br><br><code>Apple fixes a critical SIP bypass and personal data protection becomes a fundamental right in Brazil - catch up on the infosec news of the week with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-10/29">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31466">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 15:18:19">
15:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3756 ‼</strong><br><br><code>libmysofa is vulnerable to Heap-based Buffer Overflow</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3756">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31467">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 15:18:20">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-41674 ‼</strong><br><br><code>An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41674">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31468">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 15:18:23">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-41643 ‼</strong><br><br><code>Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41643">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31469">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 15:18:24">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-41675 ‼</strong><br><br><code>A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. .</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41675">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31470">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 15:18:25">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-41645 ‼</strong><br><br><code>Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. .</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41645">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31471">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 15:18:25">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-41676 ‼</strong><br><br><code>An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41676">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31472">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 15:18:28">
15:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-41644 ‼</strong><br><br><code>Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41644">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31473">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 17:18:24">
17:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41748 ‼</strong><br><br><code>An Incorrect Access Control issue exists in all versions of Portainer.via an unauthorized access vulnerability. The vulnerability is also CNVD-2021-49547</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41748">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31474">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 17:18:26">
17:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-41646 ‼</strong><br><br><code>Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters..</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41646">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31475">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 17:18:27">
17:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-41746 ‼</strong><br><br><code>SQL Injection vulnerability exists in all versions of Yonyou TurboCRM.via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41746">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31476">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 17:18:28">
17:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-41874 ‼</strong><br><br><code>An unauthorized access vulnerabiitly exists in all versions of Portainer, which could let a malicious user obtain sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41874">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31477">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 17:18:29">
17:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-41189 ‼</strong><br><br><code>DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in version 7.1. As a workaround, users of 7.0 may temporarily disable the ability for community or collection administrators to manage permissions or workflows settings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41189">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31478">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 17:44:49">
17:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Cybercrime: Europol arrests 12 people for ransomware activities possibly affecting 1,800 victims in 71 countries 🦿</strong><br><br><code>The European police force stated the ransomware activities targeted critical infrastructures and mostly large corporations.</code><br><br><a href="https://www.techrepublic.com/article/cybercrime-europol-arrests-12-people-for-ransomware-activities-possibly-affecting-1800-victims-in-71-countries/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31479">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 18:13:10">
18:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 APTs, Teleworking, and Advanced VPN Exploits: The Perfect Storm 🕴</strong><br><br><code>A Mandiant researcher shares the details of an investigation into the misuse of Pulse Secure VPN devices by suspected state-sponsored threat actors.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/apts-teleworking-and-advanced-vpn-exploits-the-perfect-storm">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31480">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 18:43:12">
18:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Snyk Agrees to Acquire CloudSkiff, Creators of driftctl 🕴</strong><br><br><code>New capabilities allow Snyk Infrastructure as Code customers to more effectively detect infrastructure drift.</code><br><br><a href="https://www.darkreading.com/application-security/snyk-agrees-to-acquire-cloudskiff-creators-of-driftctl">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31481">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 19:18:29">
19:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-1121 ‼</strong><br><br><code>NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel driver, where a vGPU can cause resource starvation among other vGPUs hosted on the same GPU, which may lead to denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1121">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31482">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 19:18:30">
19:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-25881 ‼</strong><br><br><code>A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete&amp;sub=&amp;filename=../../../../111.txt&amp;filetype=image/jpeg of the master version of RKCMS. This vulnerability allows for an attacker to perform a directory traversal via a crafted .txt file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25881">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31483">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 19:18:31">
19:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-1120 ‼</strong><br><br><code>NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin through this vulnerability, which may lead to information disclosure, data tampering, unauthorized code execution, and denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1120">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31484">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 19:18:32">
19:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-25872 ‼</strong><br><br><code>A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25872">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31485">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 19:18:33">
19:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-1119 ‼</strong><br><br><code>NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting integrity and availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1119">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31486">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 19:18:34">
19:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-1122 ‼</strong><br><br><code>NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1122">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31487">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 19:18:35">
19:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-1118 ‼</strong><br><br><code>NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1118">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31488">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 19:18:36">
19:18
       </div>

       <div class="text">
<strong>‼ CVE-2021-1123 ‼</strong><br><br><code>NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can deadlock, which may lead to denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1123">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31489">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 19:18:37">
19:18
       </div>

       <div class="text">
<strong>‼ CVE-2020-25873 ‼</strong><br><br><code>A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the &quot;id&quot; parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25873">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31490">

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 19:21:32">
19:21
       </div>

       <div class="text">
<strong>♟️ Zales.com</strong> <strong>Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018 ♟️</strong><br><br><code>In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure.</code><br><br><a href="https://krebsonsecurity.com/2021/10/zales-com-leaked-customer-data-just-like-sister-firms-jared-kay-jewelers-did-in-2018/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31491">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.10.2021 20:46:03">
20:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Europol announce “targeting” of 12 suspects in ransomware attacks ⚠</strong><br><br><code>More anti-ransomware activity by law enforcement, this time in Switzerland and Ukraine.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/30/europol-announce-targeting-of-12-suspects-in-ransomware-attacks/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-937">

      <div class="body details">
30 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message31492">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 10:14:40">
10:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Enterprises Allocating More IT Dollars on Cybersecurity 🕴</strong><br><br><code>Enterprises are allocating more IT dollars towards implementing a multilayered approach to securing data and applications against new threats, data shows.</code><br><br><a href="https://www.darkreading.com/tech-trends/enterprises-allocating-more-it-dollars-on-cybersecurity">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31493">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 11:19:43">
11:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-36808 ‼</strong><br><br><code>A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36808">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31494">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:29:52">
21:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 IT Pro News in Review: SolarWinds cyber attack, AWS deal with MI5, UK VoIP providers under attack 📢</strong><br><br><code>Catch up on the biggest headlines of the week in just two minutes</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361402/it-pro-news-in-review-solarwinds-cyber-attack-aws-deal-with-mi5-uk">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31495">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:29:53">
21:29
       </div>

       <div class="text">
<strong>📢 Avast launches premium browser with built-in VPN 📢</strong><br><br><code>Avast Secure Browser Pro is available now on Windows 10, iOS and Android</code><br><br><a href="https://www.itpro.co.uk/network-internet/web-browser/361357/avast-launches-premium-browser-with-built-in-vpn">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31496">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:29:54">
21:29
       </div>

       <div class="text">
<strong>📢 70% of IT workers skip key security steps due to work pressures 📢</strong><br><br><code>Report finds that a fifth of DevOps and security professionals have considered quitting their jobs due to stress</code><br><br><a href="https://www.itpro.co.uk/security/361364/70-of-it-workers-skip-key-security-steps-due-to-work-pressures">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31497">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:29:56">
21:29
       </div>

       <div class="text">
<strong>📢 BlackMatter ransomware victims reclaim data using secret decryptor 📢</strong><br><br><code>Emsisoft discovered a critical flaw in the ransomware that allowed them to help victims recover their files</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361351/blackmatter-ransomware-victims-reclaim-data-using-secret-decryptor">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31498">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:29:57">
21:29
       </div>

       <div class="text">
<strong>📢 What is your digital footprint? 📢</strong><br><br><code>Your digital footprint is always growing – so we explore how you can keep it under control</code><br><br><a href="https://www.itpro.co.uk/strategy/29259/what-is-your-digital-footprint">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31499">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:29:58">
21:29
       </div>

       <div class="text">
<strong>📢 What is Emotet? 📢</strong><br><br><code>A deep dive into malware&apos;s most infamous and prolific strain</code><br><br><a href="https://www.itpro.co.uk/security/hacking/361340/what-is-emotet">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31500">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:29:59">
21:29
       </div>

       <div class="text">
<strong>📢 Ransomware hit industrial sector the hardest in the third quarter 📢</strong><br><br><code>Cyber criminals are now also targeting the technology sector, which saw a 30% rise in attack volume</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361352/ransomware-hit-industrial-sector-the-hardest-in-the-third-quarter">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31501">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:30:00">
21:30
       </div>

       <div class="text">
<strong>📢 F-Secure Safe review: Simple security struggles to outdo Defender 📢</strong><br><br><code>F-Secure Safe doesn’t have the protection or features to stand out against its rivals.</code><br><br><a href="https://www.itpro.co.uk/security/antivirus/361344/f-secure-safe-review-simple-security-struggles-to-outdo-defender">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31502">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:30:02">
21:30
       </div>

       <div class="text">
<strong>📢 BillQuick billing software exploit lets hackers deploy ransomware 📢</strong><br><br><code>The now-patched critical zero-day vulnerability also leaked sensitive data from the time and billing platform</code><br><br><a href="https://www.itpro.co.uk/security/361358/billquick-billing-software-exploit-lets-hackers-deploy-ransomware">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31503">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:30:05">
21:30
       </div>

       <div class="text">
<strong>📢 Telstra to acquire Digicel Pacific for $1.6 billion with help from government 📢</strong><br><br><code>The deal is being called a &apos;political buy&apos; to counter Chinese influence in the region</code><br><br><a href="https://www.itpro.co.uk/infrastructure/network-internet/361359/telstra-to-acquire-digicel-pacific-for-16-billion-with-help">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31504">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:30:07">
21:30
       </div>

       <div class="text">
<strong>📢 Tesco services knocked offline after suspected cyber attack 📢</strong><br><br><code>Customers were left unable to make or cancel orders, or amend their scheduled deliveries</code><br><br><a href="https://www.itpro.co.uk/security/hacking/361346/tesco-services-taken-offline-suspected-cyber-attack">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31505">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:30:10">
21:30
       </div>

       <div class="text">
<strong>📢 Microsoft to work with community colleges to fill 250,000 cyber security roles 📢</strong><br><br><code>Free course materials will be supplied to every community college in the US</code><br><br><a href="https://www.itpro.co.uk/business-strategy/careers-training/361395/microsoft-to-train-250000-cyber-security-workers-by-2025">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31506">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:30:13">
21:30
       </div>

       <div class="text">
<strong>📢 DDoS attacks are crippling UK VoIP operators 📢</strong><br><br><code>Businesses and emergency services are among customers hit by outages at VoIP firms</code><br><br><a href="https://www.itpro.co.uk/security/distributed-denial-of-service-ddos/361374/international-co-ordinated-ddos-attacks-are">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31507">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:30:16">
21:30
       </div>

       <div class="text">
<strong>📢 Critical macOS vulnerability found to bypass SIP restrictions 📢</strong><br><br><code>The flaw lies in how the OS handles software packages and post-installation scripts</code><br><br><a href="https://www.itpro.co.uk/security/361399/critical-macos-vulnerability-found-to-bypass-sip-restrictions">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31508">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:30:19">
21:30
       </div>

       <div class="text">
<strong>📢 Australian Federal Police plots &quot;aggressive&quot; cyber division following law change 📢</strong><br><br><code>New powers allow law enforcement to launch disruptive operations and collect data on suspected criminals</code><br><br><a href="https://www.itpro.co.uk/security/encryption/361348/australia-federal-police-plots-aggressive-cyber-division">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31509">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:30:23">
21:30
       </div>

       <div class="text">
<strong>📢 Luxury hotel chain hit twice by hackers after reneging on ransomware payment 📢</strong><br><br><code>The group claims to have information belonging to millions of customers who stayed at Centara hotels and resorts between 2003 and 2021</code><br><br><a href="https://www.itpro.co.uk/security/cyber-attacks/361401/thailand-luxury-hotel-chain-hit-by-desorden-group">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31510">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:30:26">
21:30
       </div>

       <div class="text">
<strong>📢 Microsoft resellers warned of Nobelium attacks on IT supply chain 📢</strong><br><br><code>Microsoft believes that 22,868 attacks have been conducted against 609 partners since July</code><br><br><a href="https://www.itpro.co.uk/security/cyber-attacks/361345/russian-hackers-nobelium-tech-supply-chain-resellers">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31511">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:30:29">
21:30
       </div>

       <div class="text">
<strong>📢 UK gov must act now to regulate Facebook, says whistleblower 📢</strong><br><br><code>Frances Haugen told members of the Online Safety Bill committee that the social network &quot;is closing the door on us being able to act”</code><br><br><a href="https://www.itpro.co.uk/business/policy-legislation/361355/uk-gov-must-act-now-to-regulate-facebook-says-whistleblower">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31512">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:30:31">
21:30
       </div>

       <div class="text">
<strong>📢 Critical vulnerability discovered in popular CI/CD framework 📢</strong><br><br><code>Flaw in GoCD software delivery pipeline thought to have affected a host of NGOs and Fortune 500 companies</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361400/critical-vulnerability-discovered-in-popular-cicd-framework">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31513">

      <div class="body">

       <div class="pull_right date details" title="30.10.2021 21:30:33">
21:30
       </div>

       <div class="text">
<strong>📢 Ransomware gang claims to have hacked the NRA 📢</strong><br><br><code>“Grief&quot; gang says it has already leaked some of its stolen data to the dark web</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361384/ransomware-gang-claims-to-have-hacked-nra">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-938">

      <div class="body details">
31 October 2021
      </div>

     </div>

     <div class="message default clearfix" id="message31514">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="31.10.2021 17:20:25">
17:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-25912 ‼</strong><br><br><code>A XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25912">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31515">

      <div class="body">

       <div class="pull_right date details" title="31.10.2021 17:20:26">
17:20
       </div>

       <div class="text">
<strong>‼ CVE-2020-25911 ‼</strong><br><br><code>A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25911">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31516">

      <div class="body">

       <div class="pull_right date details" title="31.10.2021 17:20:27">
17:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-33259 ‼</strong><br><br><code>Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users&apos; DNS query history.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33259">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-939">

      <div class="body details">
1 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message31517">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 06:55:50">
06:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ ‘Trojan Source’ Bug Threatens the Security of All Code ♟️</strong><br><br><code>Virtually all compilers -- programs that transform human-readable source code into computer-executable machine code -- are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness.</code><br><br><a href="https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31518">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:20:55">
07:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-24789 ‼</strong><br><br><code>The Flat Preloader WordPress plugin before 1.5.5 does not escape some of its settings when outputting them in attribute in the frontend, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24789">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31519">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:20:56">
07:20
       </div>

       <div class="text">
<strong>‼ CVE-2018-25019 ‼</strong><br><br><code>The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25019">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31520">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:20:56">
07:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-24793 ‼</strong><br><br><code>The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24793">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31521">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:20:57">
07:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-24799 ‼</strong><br><br><code>The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24799">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31522">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:20:58">
07:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-24742 ‼</strong><br><br><code>The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin&apos;s settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24742">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31523">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:21:02">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24570 ‼</strong><br><br><code>The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Furthermore, one of the Button field is not escaped before being output in an attribute when editing a Button, leading to a Stored Cross-Site Scripting issue as well.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24570">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31524">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:21:03">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24624 ‼</strong><br><br><code>The MP3 Audio Player for Music, Radio &amp; Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24624">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31525">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:21:05">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24682 ‼</strong><br><br><code>The Cool Tag Cloud WordPress plugin before 2.26 does not escape the style attribute of the cool_tag_cloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24682">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31526">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:21:06">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24794 ‼</strong><br><br><code>The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24794">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31527">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:21:08">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24572 ‼</strong><br><br><code>The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. As a result, an attacker could make logged in admins delete arbitrary posts</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24572">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31528">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:21:10">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24715 ‼</strong><br><br><code>The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24715">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31529">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:21:11">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24809 ‼</strong><br><br><code>The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, bp_messages_mute_thread, bp_messages_unmute_thread, bp_better_messages_add_user_to_thread, bp_better_messages_exclude_user_from_thread. This could allow attackers to make logged in users do unwanted actions</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24809">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31530">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:21:12">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-40348 ‼</strong><br><br><code>Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn&apos;t sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation setup. This can lead to the ability of an attacker to use --option to append arbitrary code to a root-owned file that eventually will be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40348">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31531">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:21:14">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24770 ‼</strong><br><br><code>The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated users, such as subscriber, to upload arbitrary images.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24770">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31532">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:21:15">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24773 ‼</strong><br><br><code>The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfiltered_html capability is disallowed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24773">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31533">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:21:16">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24685 ‼</strong><br><br><code>The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to a make logged in admin change them with a Cross-Site Scripting payload (triggered either in the frontend or backend depending on the payload)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24685">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31534">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:21:17">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-36505 ‼</strong><br><br><code>The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36505">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31535">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:21:19">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24716 ‼</strong><br><br><code>The Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to adjust settings withing wp-admin.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24716">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31536">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:21:20">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-41973 ‼</strong><br><br><code>In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41973">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31537">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 07:21:21">
07:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-36503 ‼</strong><br><br><code>The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections&apos; fields, which could lead to a CSV injection issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36503">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31538">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 09:21:09">
09:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-27644 ‼</strong><br><br><code>In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27644">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31539">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 11:21:14">
11:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Understanding the Human Communications Attack Surface 🕴</strong><br><br><code>Companies should recognize that collaboration platforms aren&apos;t isolated, secure channels where traditional threats don&apos;t exist.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/understanding-the-human-communications-attack-surface">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31540">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 11:21:16">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-25874 ‼</strong><br><br><code>AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25874">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31541">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 11:21:18">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-22563 ‼</strong><br><br><code>Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector&lt;std::vector&lt;T&gt;&gt; when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/757</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22563">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31542">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 11:21:19">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-22564 ‼</strong><br><br><code>For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of image pixels from an image buffer in the heap to another. This copy can occur when processing the right or bottom edges of the image, but only when groups are processed in certain order. Groups can be processed out of order in multi-threaded decoding environments with heavy thread load but also with images that contain the groups in an arbitrary order in the file. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/775</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22564">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31543">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 11:21:20">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-27004 ‼</strong><br><br><code>System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27004">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31544">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 11:21:22">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-25876 ‼</strong><br><br><code>AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators&apos; session cookies or perform actions as an administrator.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25876">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31545">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 11:21:24">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-25877 ‼</strong><br><br><code>AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25877">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31546">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 11:21:25">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-25875 ‼</strong><br><br><code>AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators&apos; session cookies or perform actions as an administrator.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25875">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31547">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 11:21:27">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-25878 ‼</strong><br><br><code>AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators&apos; session cookies or perform actions as an administrator.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25878">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31548">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 11:21:28">
11:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-42557 ‼</strong><br><br><code>In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42557">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31549">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 11:34:35">
11:34
       </div>

       <div class="text">
<strong>🗓️ Ransomware cybercriminals linked to Norsk Hydro attack fall prey to Europol swoop 🗓️</strong><br><br><code>Two-year investigation results in interrogation of ‘high-value’ targets and seizure of cash and computers</code><br><br><a href="https://portswigger.net/daily-swig/ransomware-cybercriminals-linked-to-norsk-hydro-attack-fall-prey-to-europol-swoop">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31550">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 13:04:38">
13:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Bug Bounty Radar // The latest bug bounty programs for November 2021 🗓️</strong><br><br><code>New web targets for the discerning hacker</code><br><br><a href="https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-november-2021">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31551">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 13:16:08">
13:16
       </div>

       <div class="text">
<strong>🦿 10 ways ransomware attackers pressure you to pay the ransom 🦿</strong><br><br><code>Attackers will vow to publicly release the stolen data, try to delete any backups and even deploy DDoS attacks to convince victims to give in to the ransom demands, says Sophos.</code><br><br><a href="https://www.techrepublic.com/article/10-ways-ransomware-attackers-pressure-you-to-pay-the-ransom/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31552">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 13:21:18">
13:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-3704 ‼</strong><br><br><code>Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3704">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31553">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 13:21:19">
13:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-38847 ‼</strong><br><br><code>S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38847">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31554">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 13:21:20">
13:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-3440 ‼</strong><br><br><code>HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3440">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31555">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 13:21:22">
13:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-27005 ‼</strong><br><br><code>Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27005">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31556">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 13:21:24">
13:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-29212 ‼</strong><br><br><code>A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29212">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31557">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 13:21:25">
13:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-3705 ‼</strong><br><br><code>Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3705">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31558">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 13:21:26">
13:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-29213 ‼</strong><br><br><code>A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server&apos;s system ROMs prior to version 2.52. The vulnerability could be locally exploited to cause disclosure of sensitive information, denial of service (DoS), and/or compromise system integrity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29213">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31559">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 13:21:28">
13:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-28702 ‼</strong><br><br><code>A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28702">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31560">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 14:04:40">
14:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ ‘Trojan Source’ Hides Invisible Bugs in Source Code ❌</strong><br><br><code>The old RLO trick of exploiting how Unicode handles script ordering and a related homoglyph attack can imperceptibly switch the real name of malware.</code><br><br><a href="https://threatpost.com/trojan-source-invisible-bugs-source-code/175891/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31561">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 14:04:41">
14:04
       </div>

       <div class="text">
<strong>🗓️ Multiple flaws in telecoms stack software FreeSwitch uncovered 🗓️</strong><br><br><code>Authentication and denial of service risks for DIY PBX tech patched</code><br><br><a href="https://portswigger.net/daily-swig/multiple-flaws-in-telecoms-stack-software-freeswitch-uncovered">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31562">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 15:17:25">
15:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Name That Edge Toon: Parting Thoughts 🕴</strong><br><br><code>Feeling creative? Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.</code><br><br><a href="https://www.darkreading.com/edge-articles/name-that-edge-toon-parting-thoughts">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31563">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 15:21:23">
15:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-26740 ‼</strong><br><br><code>Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26740">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31564">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 15:21:24">
15:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-26739 ‼</strong><br><br><code>SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26739">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31565">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 16:38:42">
16:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Virtual Conferencing Software Must Improve Data Protection, Regulators Warn 🔏</strong><br><br><code>Following an investigation, six countries and four companies outlined best practices for mitigating privacy risks in video conferencing apps.</code><br><br><a href="https://digitalguardian.com/blog/virtual-conferencing-software-must-improve-data-protection-regulators-warn">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31566">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 17:21:27">
17:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42917 ‼</strong><br><br><code>Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42917">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31567">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 17:36:04">
17:36
       </div>

       <div class="text">
<strong>❌ Pirate Sports Streamer Gets Busted, Pivots to MLB Extortion ❌</strong><br><br><code>An alleged sports content pirate is accused of not only hijacking leagues&apos; streams but also threatening to tell reporters how he accessed their systems.</code><br><br><a href="https://threatpost.com/pirate-sports-streamer-mlb-extortion/175898/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31568">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 17:47:38">
17:47
       </div>

       <div class="text">
<strong>🕴 Free Tool Scans Web Servers for Vulnerability to HTTP Header-Smuggling Attacks 🕴</strong><br><br><code>A researcher will release an open source tool at Black Hat Europe next week that roots out server weaknesses to a sneaky type of attack.</code><br><br><a href="https://www.darkreading.com/application-security/free-tool-scans-web-servers-for-vulnerability-to-http-header-smuggling-attacks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31569">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 18:17:39">
18:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SonicWall: &apos;The Year of Ransomware&apos; Continues with Unprecedented Late-Summer Surge 🕴</strong><br><br><code>2021 will be the most costly and dangerous year on record.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/sonicwall-the-year-of-ransomware-continues-with-unprecedented-late-summer-surge">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31570">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 18:17:40">
18:17
       </div>

       <div class="text">
<strong>🕴 New &apos;Trojan Source&apos; Method Lets Attackers Hide Vulns in Source Code 🕴</strong><br><br><code>Researchers discover a new technique attackers could use to encode vulnerabilities into software while evading detection.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/new-trojan-source-method-lets-attackers-hide-vulns-in-source-code">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31571">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 19:17:47">
19:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Zscaler’s 2021 Encrypted Attacks Report Reveals 314% Spike in HTTPS Threats 🕴</strong><br><br><code>Massive increase in cyberattacks targeting technology and retail industries confirms immediate need for zero-trust security</code><br><br><a href="https://www.darkreading.com/attacks-breaches/zscaler-s-2021-encrypted-attacks-report-reveals-314-spike-in-https-threats">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31572">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 19:17:50">
19:17
       </div>

       <div class="text">
<strong>🕴 CISA and Partners Coordinate on Security, Combatting Misinformation for Election Day 🕴</strong><br><br><code>CISA will host an election situational awareness room to coordinate with federal partners, state and local election officials, private sector election partners, and political organizations to share real-time information and provide support as needed.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/cisa-and-partners-coordinate-on-security-combatting-misinformation-for-election-day">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31573">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 19:21:31">
19:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-39341 ‼</strong><br><br><code>The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key function in the ~/OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with the plugin installed. This affects versions up to, and including, 2.6.4.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39341">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31574">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 19:21:32">
19:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-31849 ‼</strong><br><br><code>SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31849">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31575">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 19:21:34">
19:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-20136 ‼</strong><br><br><code>ManageEngine Log360 Builds &lt; 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20136">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31576">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 19:21:34">
19:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-39340 ‼</strong><br><br><code>The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/classes/Utils/Settings.php file which made it possible for attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 7.2.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39340">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31577">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 19:21:35">
19:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-31848 ‼</strong><br><br><code>Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31848">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31578">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 19:21:37">
19:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-38356 ‼</strong><br><br><code>The NextScripts: Social Networks Auto-Poster &lt;= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST[&apos;page&apos;] parameter which is echoed out on inc/nxs_class_snap.php by supplying the appropriate value &apos;nxssnap-post&apos; to load the page in $_GET[&apos;page&apos;] along with malicious JavaScript in $_POST[&apos;page&apos;].</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38356">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31579">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 19:21:38">
19:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-39346 ‼</strong><br><br><code>The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39346">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31580">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 19:21:39">
19:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-39333 ‼</strong><br><br><code>The Hashthemes Demo Importer Plugin &lt;= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39333">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31581">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 19:21:41">
19:21
       </div>

       <div class="text">
<strong>‼ CVE-2018-10909 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10909">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31582">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 19:47:45">
19:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How AI-Driven Security Analytics Speeds Up Enterprise Defense 🕴</strong><br><br><code>Fresh off a $250 million Series E round, Devo Technology plans to expand the core security analytics platform with new features to help enterprise defenders work with security data faster and more effectively.</code><br><br><a href="https://www.darkreading.com/dr-tech/how-ai-driven-security-analytics-speeds-up-enterprise-defense">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31583">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 21:34:27">
21:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43058 ‼</strong><br><br><code>An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43058">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31584">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 21:34:27">
21:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-41187 ‼</strong><br><br><code>DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the API endpoints for /api/trackedEntityInstances and api/events in DHIS2. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance. There are no known exploits of the security vulnerabilities addressed by these patch releases. However, we strongly recommend that all DHIS2 implementations using versions 2.32, 2.33, 2.34, 2.35 and 2.36 install these patches as soon as possible. There is no straightforward known workaround for DHIS2 instances using the Tracker functionality other than upgrading the affected DHIS2 server to one of the patches in which this vulnerability has been fixed. For implementations which do NOT use Tracker functionality, it may be possible to block all network access to POST to the /api/trackedEntityInstance and /api/events endpoints as a temporary workaround while waiting to upgrade.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41187">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31585">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 21:37:28">
21:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-41310 ‼</strong><br><br><code>Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature (/secure/admin/AssociatedProjectsForCustomField.jspa). The affected versions are before version 8.5.19, from version 8.6.0 before 8.13.11, and from version 8.14.0 before 8.19.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41310">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31586">

      <div class="body">

       <div class="pull_right date details" title="01.11.2021 21:37:30">
21:37
       </div>

       <div class="text">
<strong>❌ Office 365 Phishing Campaign Uses Kaspersky’s Amazon SES Token ❌</strong><br><br><code>It&apos;s a legitimate access token, stolen from a third-party contractor, that lets the attackers send phishing emails from kaspersky.com email addresses.</code><br><br><a href="https://threatpost.com/office-365-phishing-campaign-kasperskys-amazon-ses-token/175915/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-940">

      <div class="body details">
2 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message31587">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 09:23:23">
09:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-35249 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows attackers to execute arbitrary code via the name parameter to the add client feature.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35249">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31588">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 09:23:24">
09:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-33611 ‼</strong><br><br><code>Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in browser by opening crafted URL</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33611">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31589">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 09:23:26">
09:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-27722 ‼</strong><br><br><code>An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the &quot;Key&quot; or &quot;Name&quot; field while registering.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27722">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31590">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 09:23:27">
09:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-27406 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27406">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31591">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 09:23:28">
09:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-27723 ‼</strong><br><br><code>An issue was discovered in Nsasoft US LLC Product Key Explorer 4.2.7. The program can be crashed by entering 300 bytes char data into the &quot;Key&quot; or &quot;Name&quot; field while registering.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27723">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31592">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 09:23:29">
09:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36560 ‼</strong><br><br><code>Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36560">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31593">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 11:22:37">
11:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How Hackers Are Targeting Cryptocurrency 🕴</strong><br><br><code>Crypto exchanges that want to maintain credibility must implement some of the same &quot;know your customer&quot; controls used by banks and similar institutions.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/how-hackers-are-targeting-cryptocurrency">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31594">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 11:22:39">
11:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42763 ‼</strong><br><br><code>Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench etc) to the specific service. In the backtrace, the Basic Auth Header included in the HTTP request, has the &quot;@&quot; user credentials of the node processing the UI request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42763">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31595">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 11:22:41">
11:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-37842 ‼</strong><br><br><code>metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger time-stamp attached to it.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37842">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31596">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 11:22:42">
11:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-36923 ‼</strong><br><br><code>RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36923">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31597">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 11:22:44">
11:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-36922 ‼</strong><br><br><code>RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36922">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31598">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 11:22:45">
11:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-36925 ‼</strong><br><br><code>RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36925">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31599">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 11:22:47">
11:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42568 ‼</strong><br><br><code>Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42568">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31600">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 11:22:49">
11:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-36924 ‼</strong><br><br><code>RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Service, and Code Execution) via a crafted Device IO Control packet to a device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36924">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31601">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 11:35:12">
11:35
       </div>

       <div class="text">
<strong>🗓️ Data breach at US physical therapy center impacts more than 6,500 patients 🗓️</strong><br><br><code>Minnesota healthcare provider hit by cyber-attack A US physical therapy center has announced that the personal data of more than 6,500 patients has been breached in a security incident. Viverant PT, b</code><br><br><a href="https://portswigger.net/daily-swig/data-breach-at-us-physical-therapy-center-impacts-more-than-6-500-patients">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31602">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 12:35:16">
12:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Mitre-for-malware project MalAPI seeks community support 🗓️</strong><br><br><code>Windows malware catalogued by API calls</code><br><br><a href="https://portswigger.net/daily-swig/mitre-for-malware-project-malapi-seeks-community-support">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31603">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 12:56:24">
12:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ The ‘Groove’ Ransomware Gang Was a Hoax ♟️</strong><br><br><code>A number of publications in September warned about the emergence of &quot;Groove,&quot; a new ransomware group that called on competing extortion gangs to unite in attacking U.S. government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists.</code><br><br><a href="https://krebsonsecurity.com/2021/11/the-groove-ransomware-gang-was-a-hoax/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31604">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 13:11:51">
13:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Apple macOS Flaw Allows Kernel-Level Compromise ❌</strong><br><br><code>‘Shrootless’ allows bypass of System Integrity Protection IT security measures to install a malicious rootkit that goes undetected and performs arbitrary device operations.</code><br><br><a href="https://threatpost.com/apple-macos-flaw-kernel-compromise/175927/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31605">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 13:22:43">
13:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-36794 ‼</strong><br><br><code>In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36794">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31606">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 14:19:01">
14:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ NIST unveils draft criteria for ‘seal of approval’ scheme on consumer software security 🗓️</strong><br><br><code>Baseline standards proposed for secure development, handling vulnerabilities, and protecting sensitive data</code><br><br><a href="https://portswigger.net/daily-swig/nist-unveils-draft-criteria-for-seal-of-approval-scheme-on-consumer-software-security">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31607">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 14:19:02">
14:19
       </div>

       <div class="text">
<strong>🕴 SaaS and Third-Party Risk: Is Your Organization Asking the Hard Questions? 🕴</strong><br><br><code>An investment in due diligence might prevent your organization from being part of next week&apos;s breach news cycle.</code><br><br><a href="https://www.darkreading.com/risk/saas-and-third-party-risk-is-your-organization-asking-the-hard-questions-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31608">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 14:36:44">
14:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Android Patches Actively Exploited Zero-Day Kernel Bug ❌</strong><br><br><code>Google’s Android November 2021 security updates plug 18 flaws in the framework and system components and 18 more in the kernel and vendor components.</code><br><br><a href="https://threatpost.com/android-patches-exploited-kernel-bug/175931/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31609">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 15:19:07">
15:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Phishing and Spam Lures Feature Sports, Aim to Steal Credentials 🕴</strong><br><br><code>Spam volume declined slightly in the third quarter, but attackers sent almost 36 million malicious e-mail attachments, up 5% from the previous quarter, one security firm says.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/phishing-and-spam-lures-feature-sports-aim-to-steal-credentials">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31610">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 15:22:48">
15:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-29737 ‼</strong><br><br><code>IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. IBM X-Force ID: 201301.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29737">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31611">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 15:22:50">
15:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-29888 ‼</strong><br><br><code>IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 207123.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29888">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31612">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 15:22:51">
15:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-38948 ‼</strong><br><br><code>IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 211402.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38948">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31613">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 15:22:52">
15:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-29771 ‼</strong><br><br><code>IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29771">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31614">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 15:22:53">
15:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-29875 ‼</strong><br><br><code>IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. IBM X-Force ID: 206572.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29875">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31615">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 15:22:54">
15:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-29738 ‼</strong><br><br><code>IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 201302.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29738">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31616">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:22:54">
17:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-21573 ‼</strong><br><br><code>An issue was discoverered in in abhijitnathwani image-processing v0.1.0, allows local attackers to cause a denial of service via a crafted image file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21573">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31617">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:22:55">
17:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-32595 ‼</strong><br><br><code>Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32595">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31618">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:22:56">
17:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-42754 ‼</strong><br><br><code>An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42754">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31619">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:22:57">
17:22
       </div>

       <div class="text">
<strong>‼ CVE-2020-18439 ‼</strong><br><br><code>An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18439">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31620">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:22:57">
17:22
       </div>

       <div class="text">
<strong>‼ CVE-2021-36172 ‼</strong><br><br><code>An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36172">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31621">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:23:02">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36176 ‼</strong><br><br><code>Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36176">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31622">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:23:03">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-23754 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23754">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31623">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:23:05">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-26107 ‼</strong><br><br><code>An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26107">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31624">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:23:07">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36183 ‼</strong><br><br><code>An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36183">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31625">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:23:09">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-21574 ‼</strong><br><br><code>Buffer overflow vulnerability in YotsuyaNight c-http v0.1.0, allows attackers to cause a denial of service via a long url request which is passed to the delimitedread function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21574">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31626">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:23:11">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-21572 ‼</strong><br><br><code>Buffer overflow vulnerability in function src_parser_trans_stage_1_2_3 trgil gilcc before commit 803969389ca9c06237075a7f8eeb1a19e6651759, allows attackers to cause a denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21572">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31627">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:23:14">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-41238 ‼</strong><br><br><code>Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no custom authorization filters specified, `LocalRequestsOnlyAuthorizationFilter` filter is being used to allow only local requests and prohibit all the remote requests to provide sensible, protected by default settings. However due to the recent changes, in version 1.7.25 no authorization filters are used by default, allowing remote requests to succeed. If you are using `UseHangfireDashboard` method with default `DashboardOptions.Authorization` property value, then your installation is impacted. If any other authorization filter is specified in the `DashboardOptions.Authorization` property, the you are not impacted. Patched versions (1.7.26) are available both on Nuget.org and as a tagged release on the github repo. Default authorization rules now prohibit remote requests by default again by including the `LocalRequestsOnlyAuthorizationFilter` filter to the default settings. Please upgrade to the newest version in order to mitigate the issue. For users who are unable to upgrade it is possible to mitigate the issue by using the `LocalRequestsOnlyAuthorizationFilter` explicitly when configuring the Dashboard UI.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41238">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31628">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:23:15">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-23719 ‼</strong><br><br><code>Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23719">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31629">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:23:17">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-12814 ‼</strong><br><br><code>A improper neutralization of input during web page generation (&apos;cross-site scripting&apos;) in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12814">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31630">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:23:20">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-41019 ‼</strong><br><br><code>An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41019">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31631">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:23:21">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-41023 ‼</strong><br><br><code>A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41023">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31632">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:23:23">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-41022 ‼</strong><br><br><code>A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41022">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31633">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:23:25">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-15940 ‼</strong><br><br><code>An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15940">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31634">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:23:27">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36186 ‼</strong><br><br><code>A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36186">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31635">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:23:29">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36184 ‼</strong><br><br><code>A improper neutralization of Special Elements used in an SQL Command (&apos;SQL Injection&apos;) in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36184">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31636">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:36:50">
17:36
       </div>

       <div class="text">
<strong>❌ Ransomware Gangs Target Corporate Financial Activities ❌</strong><br><br><code>The FBI is warning about a fresh extortion tactic: threatening to tank share prices for publicly held companies.</code><br><br><a href="https://threatpost.com/ransomware-corporate-financial/175940/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31637">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:49:14">
17:49
       </div>

       <div class="text">
<strong>🕴 Female-Founded Cybersecurity Startup Wabbi Raises Over $2M in Seed Funding 🕴</strong><br><br><code>Wabbi enables companies to assimilate application security processes into development pipelines to produce and scale application security across enterprises.</code><br><br><a href="https://www.darkreading.com/operations/female-founded-cybersecurity-startup-wabbi-raises-over-2m-in-seed-funding">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31638">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:49:16">
17:49
       </div>

       <div class="text">
<strong>🕴 FBI: Ransomware Actors Use Financial Events to Extort Victims 🕴</strong><br><br><code>Attackers research financial information about an organization and threaten to disclose it if they don&apos;t receive ransom quickly.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/fbi-ransomware-actors-use-financial-events-to-extort-victims">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31639">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 17:49:17">
17:49
       </div>

       <div class="text">
<strong>🕴 China Hosts More Malware Than Russia: Findings from DNSFilter&apos;s 2021 Domain Threat Report 🕴</strong><br><br><code>Cryptomining has also had a resurgence over the last year as blockchain technology and NFTs rise in popularity.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/china-hosts-more-malware-than-russia-findings-from-dnsfilter-s-2021-domain-threat-report">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31640">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 18:06:50">
18:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Squid Game Crypto Scammers Rips Off Investors for Millions ❌</strong><br><br><code>Anti-dumping code kept investors from selling SQUID while fraudsters cashed out.</code><br><br><a href="https://threatpost.com/squid-game-crypto-scammers-investors/175951/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31641">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 18:19:15">
18:19
       </div>

       <div class="text">
<strong>🕴 44% of Parents Struggle to Follow Tech Rules They Set for Their Kids 🕴</strong><br><br><code>Parents perceive norms of behavior to be different for themselves and their children, according to Kaspersky..</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/44-of-parents-struggle-to-follow-tech-rules-they-set-for-their-kids">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31642">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 18:19:16">
18:19
       </div>

       <div class="text">
<strong>🕴 Microsoft Expands Security to AWS in Multicloud Push 🕴</strong><br><br><code>Microsoft will expand its cloud security tools to AWS within a suite called Defender for Cloud and launch a new Defender for Business in preview later this month.</code><br><br><a href="https://www.darkreading.com/cloud/microsoft-defender-for-cloud-protects-aws-environments">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31643">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 18:19:18">
18:19
       </div>

       <div class="text">
<strong>🕴 Dragos Launches ServiceNow’s OT Asset Discovery App 🕴</strong><br><br><code>Integration with Dragos Platform will help joint customers to expand the visibility of ICS/OT assets.</code><br><br><a href="https://www.darkreading.com/operations/dragos-launches-servicenow-s-ot-asset-discovery-app">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31644">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 18:19:18">
18:19
       </div>

       <div class="text">
<strong>🕴 Vaultree Raises $3.3M for Encryption Solution 🕴</strong><br><br><code>The company&apos;s platform uses Enhanced Searchable Symmetric Encryption (ESSE) and Fully Homomorphic Encryption (FHE) technologies.</code><br><br><a href="https://www.darkreading.com/operations/vaultree-raises-3-3m-for-encryption-solution">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31645">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 18:19:19">
18:19
       </div>

       <div class="text">
<strong>🕴 The Executive Women&apos;s Forum on Information Security, Risk Management &amp; Privacy Elects Three Board Advisers 🕴</strong><br><br><code>Security executives hail from Target, Eli Lilley, and SecurityCurve/SaltCybersecurity.</code><br><br><a href="https://www.darkreading.com/careers-and-people/the-executive-women-s-forum-on-information-security-risk-management-privacy-elects-three-board-advisers">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31646">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 18:22:18">
18:22
       </div>

       <div class="text">
<strong>🦿 Secure SSH logins with knockd 🦿</strong><br><br><code>You need to lock down your servers so that only you have access via SSH. One way to help that is with knockd. Jack Wallen shows you how.</code><br><br><a href="https://www.techrepublic.com/videos/secure-ssh-logins-with-knockd/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31647">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 19:22:57">
19:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2018-6058 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11215. Reason: This candidate is a reservation duplicate of CVE-2017-11215. Notes: All CVE users should reference CVE-2017-11215 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6058">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31648">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 19:23:00">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37978 ‼</strong><br><br><code>Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37978">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31649">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 19:23:01">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37980 ‼</strong><br><br><code>Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37980">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31650">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 19:23:03">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37960 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37960">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31651">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 19:23:06">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-30631 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30631">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31652">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 19:23:08">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2018-6059 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11225. Reason: This candidate is a reservation duplicate of CVE-2017-11225. Notes: All CVE users should reference CVE-2017-11225 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6059">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31653">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 19:23:10">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2019-5863 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-5863">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31654">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 19:23:12">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37979 ‼</strong><br><br><code>heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37979">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31655">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 19:23:15">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37977 ‼</strong><br><br><code>Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37977">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31656">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 19:23:17">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2018-6044 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-16064. Reason: This candidate is a reservation duplicate of CVE-2018-16064. Notes: All CVE users should reference CVE-2018-16064 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6044">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31657">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 19:49:19">
19:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Attackers Flaunt Remote Access Credentials, Threaten Supply Chain 🕴</strong><br><br><code>Attackers advertise access to computers within shipping and logistics companies as the global supply chain struggles to meet post-COVID demands.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/attackers-flaunt-remote-access-credentials-threaten-supply-chain">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31658">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 20:31:05">
20:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 McAfee Total Protection review: Expensive at full price 📢</strong><br><br><code>Protects your PC and includes a decent firewall, but costly and less effective than some rivals</code><br><br><a href="https://www.itpro.co.uk/security/antivirus/361422/mcafee-total-protection-review-expensive-at-full-price">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31659">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 20:31:06">
20:31
       </div>

       <div class="text">
<strong>📢 What is end-to-end encryption and why is everyone fighting over it? 📢</strong><br><br><code>End-to-end encryption is considered one of the best ways to protect user data, but not everyone thinks it&apos;s a good idea</code><br><br><a href="https://www.itpro.co.uk/security/encryption/359943/what-is-end-to-end-encryption-and-why-is-everyone-fighting-over-it">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31660">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 20:31:08">
20:31
       </div>

       <div class="text">
<strong>📢 17 Windows 10 problems - and how to fix them 📢</strong><br><br><code>Tips and tricks for everything from upgrade issues and freeing up storage, to solving privacy errors and using safe mode</code><br><br><a href="https://www.itpro.co.uk/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31661">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 20:31:10">
20:31
       </div>

       <div class="text">
<strong>📢 Hackers could use new Wslink malware in highly targeted cyber attacks 📢</strong><br><br><code>Malware acts as a server, but its origins baffle boffins</code><br><br><a href="https://www.itpro.co.uk/security/malware/361413/hackers-could-use-new-wslink-malware-in-highly-targeted-cyber-attacks">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31662">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 20:31:11">
20:31
       </div>

       <div class="text">
<strong>📢 Celebrity data leaked after ransomware attack on London&apos;s Graff jewellers 📢</strong><br><br><code>Russia-based Conti ransomware group is demanding tens of millions in cryptocurrency</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361409/london-jeweller-graff-conti-ransomware-celebrity-leak">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31663">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 20:31:12">
20:31
       </div>

       <div class="text">
<strong>📢 Manufacturers forced to improve cyber security of wireless devices under new EU rule 📢</strong><br><br><code>Businesses will have 30 months to comply with the new rules if they want to ship their products to the EU</code><br><br><a href="https://www.itpro.co.uk/business/policy-legislation/361407/eu-wireless-devices-cyber-security-law">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31664">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 20:31:15">
20:31
       </div>

       <div class="text">
<strong>📢 Apple&apos;s ad transparency policy has cost Facebook, YouTube, Snap almost $10 billion so far 📢</strong><br><br><code>Estimate from the Financial Times says Facebook has been hit hardest by new rule requiring user consent</code><br><br><a href="https://www.itpro.co.uk/security/privacy/361406/facebook-youtube-snap-lose-10bn-apple-app-tracking-user-consent">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31665">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 20:31:17">
20:31
       </div>

       <div class="text">
<strong>📢 Microsoft Exchange Servers are being used to distribute SquirrelWaffle malware 📢</strong><br><br><code>Exploiting an unpatched Exchange Server vulnerability and a less-than-foolproof malicious URL strategy is leading to mounting infections in businesses</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361417/microsoft-exchange-servers-distribute-squirrelwaffle-malware">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31666">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:02">
21:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43267 ‼</strong><br><br><code>An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43267">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31667">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:03">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37982 ‼</strong><br><br><code>Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37982">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31668">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:04">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43264 ‼</strong><br><br><code>In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43264">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31669">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:05">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37993 ‼</strong><br><br><code>Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37993">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31670">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:08">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43270 ‼</strong><br><br><code>Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus) 3.1.0-dev-00148, 3.1.0-dev-00170, and 3.1.0-dev-00176 can use cleartext SMTP on port 25 in some cases where encryption on port 465 was intended.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43270">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31671">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:09">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37991 ‼</strong><br><br><code>Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37991">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31672">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:11">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-42697 ‼</strong><br><br><code>Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42697">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31673">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:15">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37990 ‼</strong><br><br><code>Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37990">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31674">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:16">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37996 ‼</strong><br><br><code>Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37996">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31675">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:17">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2019-13776 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: some publications have used this number when they meant to use CVE-2019-13376.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13776">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31676">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:19">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-16048 ‼</strong><br><br><code>Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16048">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31677">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:21">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37983 ‼</strong><br><br><code>Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37983">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31678">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:22">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2018-6125 ‼</strong><br><br><code>Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6125">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31679">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:23">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37984 ‼</strong><br><br><code>Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37984">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31680">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:24">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37994 ‼</strong><br><br><code>Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37994">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31681">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:26">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2017-5123 ‼</strong><br><br><code>Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5123">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31682">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:28">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37989 ‼</strong><br><br><code>Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37989">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31683">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:29">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37988 ‼</strong><br><br><code>Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37988">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31684">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:30">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37987 ‼</strong><br><br><code>Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37987">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31685">

      <div class="body">

       <div class="pull_right date details" title="02.11.2021 21:23:32">
21:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37995 ‼</strong><br><br><code>Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox (URL bar) via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37995">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-941">

      <div class="body details">
3 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message31686">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:16">
02:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41312 ‼</strong><br><br><code>Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41312">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31687">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:17">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-5955 ‼</strong><br><br><code>An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5955">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31688">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:18">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38497 ‼</strong><br><br><code>Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox &lt; 93, Thunderbird &lt; 91.2, and Firefox ESR &lt; 91.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38497">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31689">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:19">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20706 ‼</strong><br><br><code>Improper input validation vulnerability in the WebManager CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote file upload via network.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20706">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31690">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:21">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39237 ‼</strong><br><br><code>Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39237">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31691">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:22">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20703 ‼</strong><br><br><code>Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote code execution via a network.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20703">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31692">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:23">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38500 ‼</strong><br><br><code>Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird &lt; 78.15, Thunderbird &lt; 91.2, Firefox ESR &lt; 91.2, Firefox ESR &lt; 78.15, and Firefox &lt; 93.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38500">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31693">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:25">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38491 ‼</strong><br><br><code>Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox &lt; 92.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38491">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31694">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:26">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20707 ‼</strong><br><br><code>Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to read files upload via network..</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20707">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31695">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:27">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-27820 ‼</strong><br><br><code>A vulnerability was found in Linux kernel, where a use-after-frees in nouveau&apos;s postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if &quot;unbind&quot; the driver).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27820">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31696">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:28">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38499 ‼</strong><br><br><code>Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 93.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38499">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31697">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:29">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38494 ‼</strong><br><br><code>Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox &lt; 92.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38494">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31698">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:30">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20135 ‼</strong><br><br><code>Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20135">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31699">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:31">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-29991 ‼</strong><br><br><code>Firefox incorrectly accepted a newline in a HTTP/3 header, interpretting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3. This vulnerability affects Firefox &lt; 91.0.1 and Thunderbird &lt; 91.0.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29991">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31700">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:33">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-41036 ‼</strong><br><br><code>In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41036">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31701">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:34">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-20705 ‼</strong><br><br><code>Improper input validation vulnerability in the WebManager CLUSTERPRO X 1.0 for Windows and later, EXPRESSCLUSTER X 1.0 for Windows and later allows attacker to remote file upload via network.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20705">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31702">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:35">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38493 ‼</strong><br><br><code>Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR &lt; 78.14, Thunderbird &lt; 78.14, and Firefox &lt; 92.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38493">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31703">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:37">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38502 ‼</strong><br><br><code>Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird &lt; 91.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38502">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31704">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:38">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-29993 ‼</strong><br><br><code>Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cause crashes and UI spoofs. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox &lt; 92.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29993">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31705">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 02:23:40">
02:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38492 ‼</strong><br><br><code>When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox &lt; 92, Thunderbird &lt; 91.1, Thunderbird &lt; 78.14, Firefox ESR &lt; 78.14, and Firefox ESR &lt; 91.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38492">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31706">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 05:20:06">
05:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Simulation Game Teaches Non-Security Staff How to Handle a Cyber Crisis 🕴</strong><br><br><code>In this card-based game from Kaspersky, players work through a cyberattack scenario and learn how each decision they make has consequences.</code><br><br><a href="https://www.darkreading.com/edge-articles/simulation-game-teaches-non-security-staff-how-to-handle-a-cyber-crisis">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31707">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 09:23:30">
09:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40849 ‼</strong><br><br><code>In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40849">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31708">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 09:23:32">
09:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-40848 ‼</strong><br><br><code>In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40848">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31709">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 09:23:33">
09:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-33209 ‼</strong><br><br><code>An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. This can make a brute-force attack easier.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33209">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31710">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 09:23:34">
09:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-33210 ‼</strong><br><br><code>An issue was discovered in Fimer Aurora Vision before 2.97.10. An attacker can (in the WebUI) obtain plant information without authentication by reading the response of APIs from a kiosk view of a plant.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33210">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31711">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 09:23:35">
09:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36192 ‼</strong><br><br><code>An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36192">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31712">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 09:37:15">
09:37
       </div>

       <div class="text">
<strong>❌ Report: BlackMatter Ransomware Gang Goes Dark, Again ❌</strong><br><br><code>The former DarkSide cybercriminal group will shut down due to increased pressure from authorities, who may have nabbed a key team member.</code><br><br><a href="https://threatpost.com/blackmatter-ransomware-dark/175955/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31713">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 10:53:17">
10:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Ransomware gangs leaking sensitive financial information to extort organizations 🦿</strong><br><br><code>Attackers will threaten to release confidential data that could affect a company&apos;s stock price to pressure them to pay the ransom, says the FBI.</code><br><br><a href="https://www.techrepublic.com/article/ransomware-gangs-leaking-sensitive-financial-information-to-extort-organizations/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31714">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 10:53:18">
10:53
       </div>

       <div class="text">
<strong>🦿 Digital natives more likely to fall for phishing attacks at work than their Gen X and Boomer colleagues 🦿</strong><br><br><code>SailPoint survey finds that younger workers also are more likely to use company email addresses for online shopping and subscriptions.</code><br><br><a href="https://www.techrepublic.com/article/digital-natives-more-likely-to-fall-for-phishing-attacks-at-work-than-their-gen-x-and-boomer-colleagues/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31715">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 10:53:20">
10:53
       </div>

       <div class="text">
<strong>🦿 Rootkits: Expensive to build, cheap to rent 🦿</strong><br><br><code>Positive Technology analysts found ready-made malware for any budget as well as the option to have a custom-build rootkit on Dark Web forums.</code><br><br><a href="https://www.techrepublic.com/article/rootkits-expensive-to-build-cheap-to-rent/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31716">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 11:06:01">
11:06
       </div>

       <div class="text">
<strong>🗓️ RCE vulnerability found in Sitecore enterprise CMS software 🗓️</strong><br><br><code>Vendor update is available now</code><br><br><a href="https://portswigger.net/daily-swig/rce-vulnerability-found-in-sitecore-enterprise-cms-software">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31717">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 11:20:35">
11:20
       </div>

       <div class="text">
<strong>🕴 Risk Quantification: A Powerful Tool in Your Cyberthreat Defense Arsenal 🕴</strong><br><br><code>Three ways that understanding your cyber-risk in real dollars can help your organization survive the threat of ransomware and other attacks.</code><br><br><a href="https://www.darkreading.com/risk/risk-quantification-a-powerful-tool-in-your-cyberthreat-defense-arsenal">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31718">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 11:23:10">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36697 ‼</strong><br><br><code>With an admin account, the .htaccess file in Artica Pandora FMS &lt;=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new &quot;file type&quot; and the code can be executed with an HTTP request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36697">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31719">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 11:23:12">
11:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-36698 ‼</strong><br><br><code>Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36698">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31720">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 11:50:39">
11:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Valtix Delivers Free Cloud Security for Departmental, Development, and Test Applications 🕴</strong><br><br><code>Company aims to make cloud network security more accessible to all organizations.</code><br><br><a href="https://www.darkreading.com/cloud/valtix-delivers-free-cloud-security-for-departmental-development-and-test-applications">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31721">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 12:06:05">
12:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Dangerous uXSS bug in Google Chrome’s ‘New Tab’ page bypassed security features 🗓️</strong><br><br><code>‘Chrome’s NTP only has a really weak CSP that doesn’t mitigate XSS’</code><br><br><a href="https://portswigger.net/daily-swig/dangerous-uxss-bug-in-google-chromes-new-tab-page-bypassed-security-features">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31722">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 12:17:06">
12:17
       </div>

       <div class="text">
<strong>🦿 Report: More than half of organizations do not effectively defend against cyberattacks 🦿</strong><br><br><code>Accenture&apos;s State of Cyber Resilience study also revealed key traits of cyber resilient leaders. The report found an average of 270 attacks per year per company.</code><br><br><a href="https://www.techrepublic.com/article/report-more-than-half-of-organizations-do-not-effectively-defend-against-cyberattacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31723">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 13:23:23">
13:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43130 ‼</strong><br><br><code>An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43130">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31724">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 13:23:24">
13:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43324 ‼</strong><br><br><code>LibreNMS through 21.10.2 allows XSS via a widget title.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43324">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31725">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 13:36:04">
13:36
       </div>

       <div class="text">
<strong>🗓️ Mozilla debuts Site Isolation technology with Firefox update 🗓️</strong><br><br><code>Sandboxing technology levels up browser security</code><br><br><a href="https://portswigger.net/daily-swig/mozilla-debuts-site-isolation-technology-with-firefox-update">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31726">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 14:07:25">
14:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Predicting the Next OWASP API Security Top 10 ❌</strong><br><br><code>API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them.</code><br><br><a href="https://threatpost.com/owasp-api-security-top-10/175961/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31727">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 14:20:48">
14:20
       </div>

       <div class="text">
<strong>🕴 Is Sandboxing Dead? 🕴</strong><br><br><code>Organizations should start to evaluate other security measures to replace or complement the once-venerable security sandbox.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/is-sandboxing-dead-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31728">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 14:47:55">
14:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Facebook to throw out face recognition, delete all template data ⚠</strong><br><br><code>Publicity stunt? Or privacy progress?</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/03/facebook-to-throw-out-face-recognition-delete-all-template-data/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31729">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 14:47:56">
14:47
       </div>

       <div class="text">
<strong>⚠ Europol announces “targeting” of 12 suspects in ransomware attacks ⚠</strong><br><br><code>More anti-ransomware activity by law enforcement, this time in Switzerland and Ukraine.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/10/30/europol-announce-targeting-of-12-suspects-in-ransomware-attacks/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31730">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:09:53">
15:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 CISA: Patch These Bugs Now 🔏</strong><br><br><code>CISA is giving federal agencies between two weeks and six months to patch known exploited vulnerabilities.</code><br><br><a href="https://digitalguardian.com/blog/cisa-patch-these-bugs-now">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31731">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:14:34">
15:14
       </div>

       <div class="text">
<strong>🛠 Clam AntiVirus Toolkit 0.104.1 🛠</strong><br><br><code>Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.</code><br><br><a href="https://packetstormsecurity.com/files/164759/clamav-0.104.1.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31732">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:23:33">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37147 ‼</strong><br><br><code>Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37147">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31733">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:23:35">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-41585 ‼</strong><br><br><code>Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41585">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31734">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:23:36">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-26786 ‼</strong><br><br><code>An issue was discoverered in in customercentric-selling-poland PlayTube, allows authenticated attackers to execute arbitrary code via the purchace code to the config.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26786">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31735">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:23:37">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-23680 ‼</strong><br><br><code>An issue was discovered in function StartPage in text2pdf.c in pdfcorner text2pdf 1.1, allows attackers to cause denial of service or possibly other undisclosed impacts.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23680">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31736">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:23:38">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-20982 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20982">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31737">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:23:40">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-40985 ‼</strong><br><br><code>Buffer overflow vulnerability in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40985">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31738">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:23:41">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38161 ‼</strong><br><br><code>Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38161">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31739">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:23:42">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-23126 ‼</strong><br><br><code>Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23126">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31740">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:23:43">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-27836 ‼</strong><br><br><code>An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27836">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31741">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:23:44">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37149 ‼</strong><br><br><code>Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37149">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31742">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:23:46">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-23109 ‼</strong><br><br><code>Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23109">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31743">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:23:47">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37148 ‼</strong><br><br><code>Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37148">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31744">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:23:48">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-24743 ‼</strong><br><br><code>An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24743">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31745">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:23:50">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43082 ‼</strong><br><br><code>Buffer Copy without Checking Size of Input (&apos;Classic Buffer Overflow&apos;) vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43082">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31746">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:23:51">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-24000 ‼</strong><br><br><code>SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24000">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31747">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:23:52">
15:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-23679 ‼</strong><br><br><code>Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0, allows attackers to execute arbitrary code, via the password field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23679">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31748">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 15:37:24">
15:37
       </div>

       <div class="text">
<strong>❌ ‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks ❌</strong><br><br><code>The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new &quot;Tortilla&quot; threat actor.</code><br><br><a href="https://threatpost.com/tortilla-exchange-servers-proxyshell/175967/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31749">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 16:47:12">
16:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Data and the policies that protect it: 4 essential plans to have in place 🦿</strong><br><br><code>These four sample policies can help you protect your data by ensuring it&apos;s properly encrypted, stored safely, only accessible by certain people, and securely backed up.</code><br><br><a href="https://www.techrepublic.com/article/data-and-the-policies-that-protect-it-4-essential-plans-to-have-in-place/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31750">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 16:47:13">
16:47
       </div>

       <div class="text">
<strong>🦿 BlackMatter ransomware gang allegedly disbanding due to pressure from authorities 🦿</strong><br><br><code>Operators of the ransomware-as-a-service group are claiming that the project is closed and that their entire infrastructure will be turned off.</code><br><br><a href="https://www.techrepublic.com/article/blackmatter-ransomware-gang-allegedly-disbanding-due-to-pressure-from-authorities/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31751">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 16:50:56">
16:50
       </div>

       <div class="text">
<strong>🕴 Infosec and Business Alignment Lowers Breach Cost, Boosts Security 🕴</strong><br><br><code>As attacks and security budgets continue to rise, data shows the most secure organizations are the ones that strike a security-business balance.</code><br><br><a href="https://www.darkreading.com/operations/infosec-and-business-alignment-lowers-breach-cost-boosts-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31752">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:07:25">
17:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign ❌</strong><br><br><code>The banker, aka Metamorfo, is roaring back after Spanish police arrested more than a dozen gang members.</code><br><br><a href="https://threatpost.com/mekotio-banking-trojan-campaign/175981/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31753">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:20:57">
17:20
       </div>

       <div class="text">
<strong>🕴 Where is Cloud Permissions Management headed? 🕴</strong><br><br><code>Cloud Permissions Management emerged as a standalone cloud security technology, but is quickly becoming part of a broader set of capabilities</code><br><br><a href="https://www.darkreading.com/omdia/where-is-cloud-permissions-management-headed-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31754">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:20:57">
17:20
       </div>

       <div class="text">
<strong>🕴 US Blacklists Israeli Firms NSO Group and Candiru 🕴</strong><br><br><code>The US Commerce Department has also added Russia&apos;s Positive Technologies and Singapore&apos;s Computer Security Initiative Consultancy.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/us-blacklists-israeli-firms-nso-group-candiru">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31755">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:23:10">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-23624 ‼</strong><br><br><code>This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23624">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31756">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:23:12">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-23472 ‼</strong><br><br><code>This affects all versions of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23472">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31757">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:23:14">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-18263 ‼</strong><br><br><code>PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18263">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31758">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:23:16">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-23509 ‼</strong><br><br><code>This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23509">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31759">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:23:17">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-18259 ‼</strong><br><br><code>ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18259">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31760">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:23:18">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-23807 ‼</strong><br><br><code>This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23807">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31761">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:23:19">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-18262 ‼</strong><br><br><code>ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18262">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31762">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:23:22">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43140 ‼</strong><br><br><code>SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43140">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31763">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:23:23">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-18261 ‼</strong><br><br><code>An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18261">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31764">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:23:24">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-23820 ‼</strong><br><br><code>This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23820">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31765">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:23:26">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-41134 ‼</strong><br><br><code>nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting (XSS) issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the string it constructs before returning it to be displayed. The diffNotebookCheckpoint function within nbdime causes this issue. When attempting to display the name of the local notebook (diffNotebookCheckpoint), nbdime appears to simply append .ipynb to the name of the input file. The NbdimeWidget is then created, and the base string is passed through to the request API function. From there, the frontend simply renders the HTML tag and anything along with it. Users are advised to patch to the most recent version of the affected product.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41134">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31766">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:23:28">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43141 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43141">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31767">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:23:30">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-41174 ‼</strong><br><br><code>Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim&apos;s browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly braces for interpolation binding: {{ }} ex: {{constructor.constructor(‘alert(1)’)()}}. When the user follows the link and the page renders, the login button will contain the original link with a query parameter to force a redirect to the login page. The URL is not validated and the AngularJS rendering engine will execute the JavaScript expression contained in the URL. Users are advised to upgrade as soon as possible. If for some reason you cannot upgrade, you can use a reverse proxy or similar to block access to block the literal string {{ in the path.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41174">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31768">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:23:31">
17:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-23784 ‼</strong><br><br><code>This affects the package tempura before 0.4.0. If the input to the esc function is of type object (i.e an array) it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23784">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31769">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 17:50:59">
17:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cloud Data Security Startup Launches 🕴</strong><br><br><code>TrustLogix aims to streamline and simplify data governance in the cloud.</code><br><br><a href="https://www.darkreading.com/cloud/data-security-startup-launches">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31770">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 18:17:12">
18:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Cisco Talos reports new variant of Babuk ransomware targeting Exchange servers 🦿</strong><br><br><code>A new bad actor called Tortilla is running the campaign, and most affected users are in the U.S.</code><br><br><a href="https://www.techrepublic.com/article/cisco-talos-reports-new-variant-of-babuk-ransomware-targeting-exchange-servers/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31771">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 18:20:58">
18:20
       </div>

       <div class="text">
<strong>🕴 5 MITRE ATT&amp;CK Tactics Most Frequently Detected by Cisco Secure Firewalls 🕴</strong><br><br><code>Cisco Security examines the most frequently encountered MITRE ATT&amp;CK tactics and techniques.</code><br><br><a href="https://www.darkreading.com/edge-threat-monitor/5-mitre-attck-tactics-most-frequently-detected-by-cisco-secure-firewalls">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31772">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 18:20:59">
18:20
       </div>

       <div class="text">
<strong>🕴 CISA Issues New Directive for Patching Known Exploited Vulnerabilities 🕴</strong><br><br><code>The goal is to reduce civilian federal agency exposure to attacks that threat actors are actively using in campaigns, agency says.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/cisa-issues-new-directive-for-patching-known-exploited-vulnerabilities">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31773">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:21:04">
19:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Researchers Scan the Web to Uncover Malware Infections 🕴</strong><br><br><code>Dozens of companies and universities regularly scan the Internet to gather data on connected devices, but some firms are looking deeper to uncover the extent of detectable malware infections.</code><br><br><a href="https://www.darkreading.com/security-monitoring/researchers-scan-the-web-to-uncover-malware-infections">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31774">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:24">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38411 ‼</strong><br><br><code>Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38411">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31775">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:25">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22960 ‼</strong><br><br><code>The parse function in llhttp &lt; 2.1.4 and &lt; 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22960">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31776">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:26">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43338 ‼</strong><br><br><code>In Ericsson Network Location MPS GMPC21, it is possible to creates a new admin user with a SQL Query for file_name in the export functionality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43338">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31777">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:28">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38420 ‼</strong><br><br><code>Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38420">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31778">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:29">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38422 ‼</strong><br><br><code>Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38422">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31779">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:31">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-41562 ‼</strong><br><br><code>A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41562">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31780">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:32">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38407 ‼</strong><br><br><code>Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38407">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31781">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:33">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38416 ‼</strong><br><br><code>Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38416">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31782">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:35">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-28416 ‼</strong><br><br><code>HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28416">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31783">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:36">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38488 ‼</strong><br><br><code>Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38488">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31784">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:37">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38403 ‼</strong><br><br><code>Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38403">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31785">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:39">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-41492 ‼</strong><br><br><code>Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3) t paramater in actions.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41492">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31786">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:40">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-42772 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42772">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31787">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:41">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43339 ‼</strong><br><br><code>In Ericsson Network Location MPS GMPC21, it is possible to inject commands via file_name in the export functionality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43339">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31788">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:42">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43032 ‼</strong><br><br><code>In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43032">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31789">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:44">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-33800 ‼</strong><br><br><code>In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33800">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31790">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:46">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-6931 ‼</strong><br><br><code>HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6931">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31791">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:47">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-35053 ‼</strong><br><br><code>Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35053">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31792">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:50">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38418 ‼</strong><br><br><code>Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38418">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31793">

      <div class="body">

       <div class="pull_right date details" title="03.11.2021 19:23:51">
19:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-38424 ‼</strong><br><br><code>The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38424">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-942">

      <div class="body details">
4 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message31794">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 01:01:56">
01:01
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 “Trojan Source” hides flaws in source code from humans 📢</strong><br><br><code>Organizations urged to take action to combat the new threat that could result in SolarWinds-style attacks</code><br><br><a href="https://www.itpro.co.uk/security/trojans/361425/trojan-source-hides-flaws-in-source-code-from-humans">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31795">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 01:11:52">
01:11
       </div>

       <div class="text">
<strong>📢 Office 365 phishing campaign used stolen Kaspersky Amazon SES token to fool victims 📢</strong><br><br><code>Credentials stolen from users after legitimate-looking email arrives in inboxes</code><br><br><a href="https://www.itpro.co.uk/security/hacking/361427/new-office-365-phishing-campaign-used-stolen-kaspersky-amazon-ses-token-to">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31796">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 01:11:53">
01:11
       </div>

       <div class="text">
<strong>📢 Microsoft unveils Defender for Business at Ignite 2021 📢</strong><br><br><code>The new security suite is aimed at SMBs struggling to protect themselves in today&apos;s cyber security landscape</code><br><br><a href="https://www.itpro.co.uk/security/endpoint-security/361424/microsoft-unveils-defender-for-business-at-ignite-2021">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31797">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 01:14:54">
01:14
       </div>

       <div class="text">
<strong>📢 Mitre reveals 10 worst hardware security weaknesses in 2021 📢</strong><br><br><code>The list aims to highlight common hardware flaws to help eliminate them from product development cycles</code><br><br><a href="https://www.itpro.co.uk/hardware/361437/mitre-reveals-10-worst-hardware-security-weaknesses-in-2021">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31798">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 01:14:54">
01:14
       </div>

       <div class="text">
<strong>📢 Facebook is shutting down its controversial facial recognition system 📢</strong><br><br><code>The move will see more than a billion facial templates removed from Facebook&apos;s records amid a push for more private applications of the technology</code><br><br><a href="https://www.itpro.co.uk/security/biometrics/361430/facebook-shutdown-facial-recognition-system">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31799">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 01:14:55">
01:14
       </div>

       <div class="text">
<strong>📢 BlackMatter ransomware gang claims to have ceased operation 📢</strong><br><br><code>Despite the announcement made via its client portal, experts believe the hacker group will soon be planning a return</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361434/blackmatter-ransomware-gang-claims-to-have-ceased-operation">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31800">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 09:24:38">
09:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-25368 ‼</strong><br><br><code>A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25368">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31801">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 09:24:40">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2020-25367 ‼</strong><br><br><code>A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25367">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31802">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 09:24:40">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-34594 ‼</strong><br><br><code>TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create or delete any files on the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34594">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31803">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 09:24:41">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-34597 ‼</strong><br><br><code>Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34597">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31804">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 09:24:42">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2020-25366 ‼</strong><br><br><code>An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25366">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31805">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 09:24:43">
09:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-42624 ‼</strong><br><br><code>A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42624">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31806">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 10:08:02">
10:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar ❌</strong><br><br><code>The Magecart threat actor uses a browser script to evade detection by researchers and sandboxes so it targets only victims’ machines to steal credentials and personal info.</code><br><br><a href="https://threatpost.com/magecart-credit-card-skimmer-avoids-vms-to-fly-under-the-radar/175993/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31807">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 10:11:31">
10:11
       </div>

       <div class="text">
<strong>🗓️ Human rights activists condemn mass denial of service as Sudan’s nationwide internet shutdown enters second week 🗓️</strong><br><br><code>‘All mobile internet networks are completely cut off,’ one journalist on the ground tells The Daily Swig</code><br><br><a href="https://portswigger.net/daily-swig/human-rights-activists-condemn-mass-denial-of-service-as-sudans-nationwide-internet-shutdown-enters-second-week">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31808">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 11:23:51">
11:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Having Trouble Finding Cybersecurity Talent? You Might Be the Problem 🕴</strong><br><br><code>Hiring managers must rethink old-school practices to find the right candidates and be ready to engage in meaningful conversations about their company&apos;s values. Here are three ways to start.</code><br><br><a href="https://www.darkreading.com/careers-and-people/having-trouble-finding-cybersecurity-talent-you-might-be-the-problem">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31809">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 11:36:36">
11:36
       </div>

       <div class="text">
<strong>🗓️ Remote code execution, SQL injection bugs uncovered in Pentaho Business Analytics software 🗓️</strong><br><br><code>Penetration test reveals severe issues in Hitachi Vantara’s business solution</code><br><br><a href="https://portswigger.net/daily-swig/remote-code-execution-sql-injection-bugs-uncovered-in-pentaho-business-analytics-software">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31810">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 12:22:14">
12:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How to Avoid Another Let&apos;s Encrypt-Like Meltdown 🕴</strong><br><br><code>Experts weigh in on steps network and security administrators need to take before the next time a root certificate expires.</code><br><br><a href="https://www.darkreading.com/dr-tech/how-to-avoid-another-lets-encrypt-like-meltdown">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31811">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 12:52:16">
12:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Appsian Security Announces Acquisition of Q Software, a Leader in JD Edwards Security and Compliance 🕴</strong><br><br><code>The acquisition provides customers of JD Edwards, along with Oracle EBS and Oracle Cloud, with expanded capabilities for data masking, threat detection and response, and real-time analytics across multiple ERP applications.</code><br><br><a href="https://www.darkreading.com/application-security/appsian-security-announces-acquisition-of-q-software-a-leader-in-jd-edwards-security-and-compliance">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31812">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 13:08:07">
13:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Critical Linux Kernel Bug Allows Remote Takeover ❌</strong><br><br><code>The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other.</code><br><br><a href="https://threatpost.com/critical-linux-kernel-bug/176000/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31813">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 13:38:07">
13:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Free Discord Nitro Offer Used to Steal Steam Credentials ❌</strong><br><br><code>A fake Steam pop-up prompts users to ‘link’ Discord account for free Nitro subs.</code><br><br><a href="https://threatpost.com/free-discord-nitro-offer-steam-credentials/176011/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31814">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 14:06:38">
14:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Majority of consumer IoT vendors still lack vulnerability disclosure programs – report 🗓️</strong><br><br><code>Dismal findings appear to vindicate global efforts to regulate the sector</code><br><br><a href="https://portswigger.net/daily-swig/majority-of-consumer-iot-vendors-still-lack-vulnerability-disclosure-programs-report">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31815">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 14:11:39">
14:11
       </div>

       <div class="text">
<strong>🗓️ US federal agencies ordered to patch hundreds of actively exploited vulnerabilities 🗓️</strong><br><br><code>CISA directive establishes tight patching deadlines</code><br><br><a href="https://portswigger.net/daily-swig/us-federal-agencies-ordered-to-patch-hundreds-of-actively-exploited-vulnerabilities">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31816">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 14:17:45">
14:17
       </div>

       <div class="text">
<strong>🦿 US government orders federal agencies to patch 100s of vulnerabilities 🦿</strong><br><br><code>The Cybersecurity and Infrastructure Security Agency is maintaining a database of known security flaws with details on how and when federal agencies and departments should patch them.</code><br><br><a href="https://www.techrepublic.com/article/us-government-orders-federal-agencies-to-patch-100s-of-vulnerabilities/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31817">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 14:17:46">
14:17
       </div>

       <div class="text">
<strong>🦿 2022 will be the year of convergence between edge, IoT and networking tech, Forrester predicts 🦿</strong><br><br><code>IoT tech will help reduce emissions, satellite internet will challenge 5G, the chip shortage will continue and more will happen in 2022 as pandemic recovery continues to move slowly forward.</code><br><br><a href="https://www.techrepublic.com/article/2022-will-be-the-year-of-convergence-between-edge-iot-and-networking-tech-forrester-predicts/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31818">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 14:31:50">
14:31
       </div>

       <div class="text">
<strong>♟️ ‘Tis the Season for the Wayward Package Phish ♟️</strong><br><br><code>The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a time-honored lure about a wayward package that needs redelivery. Here&apos;s a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients.</code><br><br><a href="https://krebsonsecurity.com/2021/11/tis-the-season-for-the-wayward-package-phish/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31819">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 14:48:22">
14:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Facebook to throw out face recognition, delete all template data ⚠</strong><br><br><code>Publicity stunt? Or privacy progress?</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/03/facebook-to-throw-out-face-recognition-delete-all-template-data/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31820">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 14:48:24">
14:48
       </div>

       <div class="text">
<strong>⚠ S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/04/s3-ep57-europol-v-ransomware-shrootless-bug-and-linux-browser-flamewars-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31821">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:08:11">
15:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ US Blacklists Pegasus Spyware Maker ❌</strong><br><br><code>NSO Group plans to fight the trade ban, saying it&apos;s &quot;dismayed&quot; and clinging to the mantra that its tools actually help to prevent terrorism and crime.</code><br><br><a href="https://threatpost.com/pegasus-spyware-blacklisted-us/175999/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31822">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:08:12">
15:08
       </div>

       <div class="text">
<strong>❌ 3 Guideposts for Building a Better Incident-Response Plan ❌</strong><br><br><code>Invest and practice: Grant Oviatt, director of incident-response engagements at Red Canary, lays out the key building blocks for effective IR.</code><br><br><a href="https://threatpost.com/3-guideposts-incident-response-plan/176019/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31823">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:24:56">
15:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40115 ‼</strong><br><br><code>A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40115">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31824">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:24:57">
15:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-21687 ‼</strong><br><br><code>Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21687">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31825">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:24:58">
15:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-34774 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit the vulnerability by sending a crafted HTTP request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the users of the application, including security questions and answers. To exploit this vulnerability an attacker would need valid Administrator credentials. Cisco expects to release software updates that address this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34774">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31826">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:24:59">
15:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-21688 ‼</strong><br><br><code>The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21688">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31827">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:25:00">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-21685 ‼</strong><br><br><code>Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21685">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31828">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:25:04">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-1500 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to persuade users to unknowingly visit malicious sites.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1500">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31829">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:25:06">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-21689 ‼</strong><br><br><code>FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21689">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31830">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:25:07">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-40113 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40113">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31831">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:25:09">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-21690 ‼</strong><br><br><code>Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21690">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31832">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:25:10">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-34701 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM &amp;amp; Presence Service (Unified CM IM&amp;amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34701">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31833">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:25:13">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-34784 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34784">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31834">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:25:15">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-21698 ‼</strong><br><br><code>Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21698">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31835">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:25:17">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-40112 ‼</strong><br><br><code>Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40112">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31836">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:25:20">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-40119 ‼</strong><br><br><code>A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40119">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31837">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:25:22">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-40124 ‼</strong><br><br><code>A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by configuring a script to be executed before logon. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40124">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31838">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:25:23">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-40128 ‼</strong><br><br><code>A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by sending a crafted HTTP request to the account activation page of Cisco Webex Meetings. A successful exploit could allow the attacker to send to any recipient an account activation email that contains a tampered activation link, which could direct the user to an attacker-controlled website.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40128">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31839">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:25:25">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-34773 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM &amp;amp; Presence Service (Unified CM IM&amp;amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34773">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31840">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:25:27">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-21693 ‼</strong><br><br><code>When creating temporary files, agent-to-controller access to create those files is only checked after they&apos;ve been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21693">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31841">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:25:29">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-21696 ‼</strong><br><br><code>Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21696">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31842">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:25:30">
15:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-21694 ‼</strong><br><br><code>FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21694">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31843">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 15:47:49">
15:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 You can configure SSH to use a non-standard port with SELinux set to enforcing 🦿</strong><br><br><code>Switching the SSH listening port is an easy way to help secure remote login on your Linux servers. Jack Wallen shows you how.</code><br><br><a href="https://www.techrepublic.com/videos/you-can-configure-ssh-to-use-a-non-standard-port-with-selinux-set-to-enforcing/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31844">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 16:10:35">
16:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Latest National Data Privacy Legislation Aims to Protect Consumer Data 🔏</strong><br><br><code>Legislation introduced last week would establish national data privacy standards, mirror elements of the CCPA and require companies to use high-quality data protection standards.</code><br><br><a href="https://digitalguardian.com/blog/latest-national-data-privacy-legislation-aims-protect-consumer-data">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31845">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 17:17:48">
17:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Cybersecurity, the pandemic and the 2021 holiday shopping season: A perfect storm 🦿</strong><br><br><code>Ping Identity executive advisor Aubrey Turner warns that eager cybercriminals are ready to exploit the current chaotic state of the world, and preparation is essential going into the holidays.</code><br><br><a href="https://www.techrepublic.com/article/cybersecurity-the-pandemic-and-the-2021-holiday-shopping-season-a-perfect-storm/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31846">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 17:24:58">
17:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-41247 ‼</strong><br><br><code>JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not the Hub) reinstated after logout, if another active JupyterLab session is open while the logout takes place. Upgrade to JupyterHub 1.5. For distributed deployments, it is jupyterhub in the _user_ environment that needs patching. There are no patches necessary in the Hub environment. The only workaround is to make sure that only one JupyterLab tab is open when you log out.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41247">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31847">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 17:24:59">
17:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-43281 ‼</strong><br><br><code>MyBB before 1.8.29 allows Remote Code Injection by an admin with the &quot;Can manage settings?&quot; permission. The Admin CP&apos;s Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type &quot;php&quot; with PHP code, executed on Change Settings pages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43281">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31848">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 17:25:00">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-43293 ‼</strong><br><br><code>Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43293">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31849">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 17:25:01">
17:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-43389 ‼</strong><br><br><code>An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43389">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31850">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 18:22:31">
18:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Phishing Attack Blends Spoofed Amazon Order and Fraudulent Customer Service Agents 🕴</strong><br><br><code>It&apos;s the latest in a series of clever brand impersonation scams that use multiple vectors to lure victims.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/new-lure-impersonates-popular-amazon-brand-and-combines-email-phishing-with-a-voice-scam-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31851">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 18:22:33">
18:22
       </div>

       <div class="text">
<strong>🕴 Ripping Off the Blindfold: Illuminating OT Environments 🕴</strong><br><br><code>A security tool monitoring OT devices needs to do so without disrupting operations, which is why the Self-Learning AI acts only on information obtained by passive monitoring of the network.</code><br><br><a href="https://www.darkreading.com/dr-tech/ripping-off-the-blindfold-illuminating-ot-environments">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31852">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 18:22:34">
18:22
       </div>

       <div class="text">
<strong>🕴 US Offers $10M Reward For ID, Location of DarkSide Leadership 🕴</strong><br><br><code>The State Department offers multimillion-dollar rewards for information related to the leaders and members involved in DarkSide ransomware.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/us-offers-10m-reward-for-id-location-of-darkside-leadership">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31853">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 18:52:34">
18:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 API Security Issues Hinder Application Delivery 🕴</strong><br><br><code>A new survey explains why nearly all organizations experience API security problems to varying degrees.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/api-security-issues-hinder-application-delivery">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31854">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 19:22:35">
19:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How Is Zero Trust Different From Traditional Security? 🕴</strong><br><br><code>Unlike traditional security approaches, the zero-trust security model verifies a user&apos;s identity each and every time they need specific system access.</code><br><br><a href="https://www.darkreading.com/edge-ask-the-experts/how-is-zero-trust-different-from-traditional-security-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31855">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 19:25:35">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-43398 ‼</strong><br><br><code>Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43398">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31856">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 19:25:36">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-3896 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3896">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31857">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 19:25:38">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-41249 ‼</strong><br><br><code>GraphQL Playground is a GraphQL IDE for development of graphQL focused applications. All versions of graphql-playground-react older than graphql-playground-react@1.7.28 are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a dynamic XSS attack surface that can allow code injection on operation autocomplete. In order for the attack to take place, the user must load a malicious schema in graphql-playground. There are several ways this can occur, including by specifying the URL to a malicious schema in the endpoint query parameter. If a user clicks on a link to a GraphQL Playground installation that specifies a malicious server, arbitrary JavaScript can run in the user&apos;s browser, which can be used to exfiltrate user credentials or other harmful goals. If you are using graphql-playground-react directly in your client app, upgrade to version 1.7.28 or later.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41249">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31858">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 19:25:40">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-43396 ‼</strong><br><br><code>In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious &apos;\0&apos; character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43396">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31859">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 19:25:41">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-41248 ‼</strong><br><br><code>GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. All versions of graphiql older than graphiql@1.4.7 are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a dynamic XSS attack surface that can allow code injection on operation autocomplete. In order for the attack to take place, the user must load a vulnerable schema in graphiql. There are a number of ways that can occur. By default, the schema URL is not attacker-controllable in graphiql or in its suggested implementations or examples, leaving only very complex attack vectors. If a custom implementation of graphiql&apos;s fetcher allows the schema URL to be set dynamically, such as a URL query parameter like ?endpoint= in graphql-playground, or a database provided value, then this custom graphiql implementation is vulnerable to phishing attacks, and thus much more readily available, low or no privelege level xss attacks. The URLs could look like any generic looking graphql schema URL. It should be noted that desktop clients such as Altair, Insomnia, Postwoman, do not appear to be impacted by this. This vulnerability does not impact codemirror-graphql, monaco-graphql or other dependents, as it exists in onHasCompletion.ts in graphiql. It does impact all forks of graphiql, and every released version of graphiql.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41248">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31860">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 19:25:42">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-42057 ‼</strong><br><br><code>Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42057">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31861">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 19:25:43">
19:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-21139 ‼</strong><br><br><code>EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&amp;act=add.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21139">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31862">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 21:25:09">
21:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43400 ‼</strong><br><br><code>An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43400">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31863">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 21:25:11">
21:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-39914 ‼</strong><br><br><code>A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39914">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31864">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 21:25:13">
21:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-39903 ‼</strong><br><br><code>In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39903">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31865">

      <div class="body">

       <div class="pull_right date details" title="04.11.2021 21:25:14">
21:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-39902 ‼</strong><br><br><code>Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39902">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-943">

      <div class="body details">
5 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message31866">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 08:18:09">
08:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Get the training you need to switch to a cybersecurity career 🦿</strong><br><br><code>With cybercrime becoming more frequent and severe, there&apos;s no question that the demand for cybersecurity skills will remain high well into the future, and now you can learn them easily.</code><br><br><a href="https://www.techrepublic.com/article/get-the-training-you-need-to-switch-to-a-cybersecurity-career/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31867">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 09:07:08">
09:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ ‘Focus on brilliance at the basics’ – GitHub CSO Mike Hanley on shifting left and securing the software supply chain 🗓️</strong><br><br><code>Security fundamentals often overlooked in favor of eye-catching initiatives, says infosec pro</code><br><br><a href="https://portswigger.net/daily-swig/focus-on-brilliance-at-the-basics-github-cso-mike-hanley-on-shifting-left-and-securing-the-software-supply-chain">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31868">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 09:25:41">
09:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42237 ‼</strong><br><br><code>Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42237">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31869">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 09:25:42">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-42662 ‼</strong><br><br><code>A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42662">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31870">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 09:25:43">
09:25
       </div>

       <div class="text">
<strong>‼ CVE-2021-26844 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26844">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31871">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 10:08:41">
10:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Feds Offer $10 Million Bounty for DarkSide Info ❌</strong><br><br><code>The U.S. State Department ups the ante in its hunt for the ransomware perpetrators by offering a sizeable cash sum for locating and arresting leaders of the cybercriminal group.</code><br><br><a href="https://threatpost.com/feds-offer-10-million-bounty-on-darkside-info/176030/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31872">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 11:23:29">
11:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 4 Tips on How Small to Midsize Businesses Can Combat Cyberattacks 🕴</strong><br><br><code>The first step in improving your cybersecurity is understanding your risk of attack.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/4-tips-on-how-small-to-midsize-businesses-can-combat-cyberattacks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31873">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 11:27:05">
11:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-42669 ‼</strong><br><br><code>A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing &quot;&lt;?php system($_GET[&quot;cmd&quot;]); ?&gt;&quot; the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42669">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31874">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 11:27:07">
11:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-42666 ‼</strong><br><br><code>A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42666">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31875">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 11:27:08">
11:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-42671 ‼</strong><br><br><code>An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42671">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31876">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 11:27:11">
11:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-42667 ‼</strong><br><br><code>A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42667">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31877">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 11:27:12">
11:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-42663 ‼</strong><br><br><code>An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker&apos;s choice.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42663">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31878">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 11:27:14">
11:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-42664 ‼</strong><br><br><code>A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42664">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31879">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 11:27:16">
11:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-42668 ‼</strong><br><br><code>A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42668">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31880">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 11:27:17">
11:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-42665 ‼</strong><br><br><code>An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42665">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31881">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 11:27:19">
11:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-42670 ‼</strong><br><br><code>A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42670">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31882">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 11:48:10">
11:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Voice phishing attack spoofs Amazon to steal credit card information 🦿</strong><br><br><code>Impersonating an Amazon order notification, the attackers end up calling victims to try to obtain their credit card details, says Avanan.</code><br><br><a href="https://www.techrepublic.com/article/voice-phishing-attack-spoofs-amazon-to-steal-credit-card-information/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31883">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 12:07:08">
12:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Cisco patches critical bug trio in Policy Suite and ONT networking devices 🗓️</strong><br><br><code>Critical severity bugs disclosed by networking titan</code><br><br><a href="https://portswigger.net/daily-swig/cisco-patches-critical-bug-trio-in-policy-suite-and-ont-networking-devices">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31884">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 12:38:45">
12:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Proofpoint Phish Harvests Microsoft O365, Google Logins ❌</strong><br><br><code>A savvy campaign impersonating the cybersecurity company skated past Microsoft email security.</code><br><br><a href="https://threatpost.com/proofpoint-phish-microsoft-o365-google-logins/176038/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31885">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 12:54:19">
12:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 To Secure DevOps, Security Teams Must be Agile 🕴</strong><br><br><code>The evolution of agile development and infrastructure-as-code has given security teams the tools they need to gain visibility, find vulnerabilities early, and continuously evaluate infrastructure.</code><br><br><a href="https://www.darkreading.com/application-security/to-secure-devops-security-teams-must-be-agile">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31886">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 13:07:14">
13:07
       </div>

       <div class="text">
<strong>🗓️ Lessons learned: How a severe vulnerability in the OWASP ModSecurity Core Rule Set sparked much-needed change 🗓️</strong><br><br><code>Years-old WAF bypass flaw was discovered in June</code><br><br><a href="https://portswigger.net/daily-swig/lessons-learned-how-a-severe-vulnerability-in-the-owasp-modsecurity-core-rule-set-sparked-much-needed-change">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31887">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 13:10:20">
13:10
       </div>

       <div class="text">
<strong>❌ Google Ads for Faux Cryptowallets Net Scammers At Least $500K ❌</strong><br><br><code>Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds. </code><br><br><a href="https://threatpost.com/google-ads-cryptowallets-scammers/176047/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31888">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 13:18:12">
13:18
       </div>

       <div class="text">
<strong>🦿 US government unveils $10 million bounty for DarkSide ransomware gang leaders 🦿</strong><br><br><code>The $10 million is for intel that leads to the identification or location of anyone who holds a leadership position in the DarkSide group.</code><br><br><a href="https://www.techrepublic.com/article/us-government-unveils-10-million-bounty-for-darkside-ransomware-gang-leaders/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31889">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 13:26:43">
13:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-3924 ‼</strong><br><br><code>grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory (&apos;Path Traversal&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3924">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31890">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 13:26:45">
13:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-3928 ‼</strong><br><br><code>vim is vulnerable to Stack-based Buffer Overflow</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3928">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31891">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 13:26:45">
13:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-3916 ‼</strong><br><br><code>bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory (&apos;Path Traversal&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3916">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31892">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 13:26:46">
13:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-39412 ‼</strong><br><br><code>Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php, and the (3) PHP_SELF parameter in captcha/index.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39412">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31893">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 13:26:47">
13:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-3927 ‼</strong><br><br><code>vim is vulnerable to Heap-based Buffer Overflow</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3927">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31894">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 13:26:52">
13:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-39411 ‼</strong><br><br><code>Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39411">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31895">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 13:38:54">
13:38
       </div>

       <div class="text">
<strong>🛠 Faraday 3.18.1 🛠</strong><br><br><code>Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.</code><br><br><a href="https://packetstormsecurity.com/files/164790/faraday-3.18.1.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31896">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 14:09:40">
14:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Beyond the Basics: Tips for Building Advanced Ransomware Resiliency ❌</strong><br><br><code>Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, offers advice on least privilege, automation, application control and more.</code><br><br><a href="https://threatpost.com/tips-building-advanced-ransomware-resiliency/176052/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31897">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 14:09:41">
14:09
       </div>

       <div class="text">
<strong>❌ BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released ❌</strong><br><br><code>CISA is urging vendors to patch, given the release of public exploit code &amp; a proof of concept tool for bugs that open billions of devices – phones, PCs, toys, etc. – to DoS &amp; code execution.</code><br><br><a href="https://threatpost.com/braktooth-bluetooth-bugs-exploit-poc/176036/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31898">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 14:12:24">
14:12
       </div>

       <div class="text">
<strong>🔏 Friday Five 11/5 🔏</strong><br><br><code>The U.S. blacklists four companies for malicious cyber activities, a ransomware group shuts down, and a new CMMC program gets revamped - catch up on the infosec news of the week with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-11/5">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31899">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 15:18:46">
15:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ “Customer complaint” email scam preys on your fear of getting into trouble at work ⚠</strong><br><br><code>Stop. Think. Connect. Don&apos;t let the crooks trick you into acting in haste.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/05/customer-complaint-email-scam-preys-on-your-fear-of-getting-into-trouble-at-work/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31900">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 15:18:48">
15:18
       </div>

       <div class="text">
<strong>⚠ S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/04/s3-ep57-europol-v-ransomware-shrootless-bug-and-linux-browser-flamewars-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31901">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 15:23:28">
15:23
       </div>

       <div class="text">
<strong>🕴 How InfoSec Should Use the Minimum Viable Secure Product Checklist 🕴</strong><br><br><code>Google and Salesforce executives discuss the need for the newly released MVSP, how tech companies came together to work on it, and how organizations should use it.</code><br><br><a href="https://www.darkreading.com/operations/how-infosec-should-use-the-minimum-viable-secure-product-checklist">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31902">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 15:26:44">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-42699 ‼</strong><br><br><code>The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42699">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31903">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 15:26:45">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-23566 ‼</strong><br><br><code>Irfanview v4.53 was discovered to contain an infinity loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23566">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31904">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 15:26:46">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-42698 ‼</strong><br><br><code>Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42698">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31905">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 15:26:47">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-42701 ‼</strong><br><br><code>An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user’s cloud account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42701">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31906">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 15:26:48">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-39416 ‼</strong><br><br><code>Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, and (i) serial parameters; in (2) patients/edit-patient.php via the (a) Contact, (b) Email, (c) Weight, Profession, (d) ref_contact, (e) address, (f) serial, (g) age, and (h) gender parameters; in (3) staff/edit-my-profile.php via the (a) Title, (b) First Name, (c) Last Name, (d) Skype, and (e) Address parameters; and in (4) clinics/settings.php via the (a) portal_name, (b) guardian_short_name, (c) guardian_name, (d) opening_time, (e) closing_time, (f) access_level_5, (g) access_level_4, (h) access_level_ 3, (i) access_level_2, (j) access_level_1, (k) currency, (l) mobile_number, (m) address, (n) patient_contact, (o) patient_address, and (p) patient_email parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39416">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31907">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 15:26:49">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-23567 ‼</strong><br><br><code>Irfanview v4.53 allows attackers to to cause a denial of service (DoS) via a crafted JPEG 2000 file. Related to &quot;Integer Divide By Zero starting at JPEG2000!ShowPlugInSaveOptions_W+0x00000000000082ea&quot;</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23567">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31908">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 15:26:50">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-42543 ‼</strong><br><br><code>The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42543">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31909">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 15:26:51">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-39413 ‼</strong><br><br><code>Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) webmaster-tools.php, and (k) reports.php; the (3) order_col parameter in (a) analytics.php, (b) review.php, (c) social_media.php, and (d) webmaster-tools.php; and the (4) pageno parameter in (a) alerts.php, (b) log.php, (c) keywords.php, (d) proxy.php, (e) searchengine.php, and (f) siteauditor.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39413">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31910">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 15:26:52">
15:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-23565 ‼</strong><br><br><code>Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a &quot;Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850&quot;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23565">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31911">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 17:08:51">
17:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Native Tribal Casinos Taking Millions in Ransomware Losses ❌</strong><br><br><code>An FBI notification is warning of an uptick in attacks against tribal casinos.</code><br><br><a href="https://threatpost.com/native-tribal-casinos-ransomware-losses/176060/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31912">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 17:26:10">
17:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43404 ‼</strong><br><br><code>An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43404">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31913">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 17:26:12">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-29753 ‼</strong><br><br><code>IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29753">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31914">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 17:26:15">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-42837 ‼</strong><br><br><code>An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42837">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31915">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 17:26:17">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-35368 ‼</strong><br><br><code>OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35368">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31916">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 17:26:18">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-43405 ‼</strong><br><br><code>An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43405">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31917">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 17:26:20">
17:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-43406 ‼</strong><br><br><code>An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43406">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31918">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 17:48:20">
17:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Track data activity before &quot;unusual&quot; becomes &quot;dangerous&quot; 🦿</strong><br><br><code>A security expert raises concerns that a lack of identifying and tracking unusual data activity can have dangerous consequences.</code><br><br><a href="https://www.techrepublic.com/article/track-data-activity-before-unusual-becomes-dangerous/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31919">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 17:53:51">
17:53
       </div>

       <div class="text">
<strong>🕴 US Defense Contractor Discloses Data Breach 🕴</strong><br><br><code>Electronic Warfare Associates says an attackers infiltrated EWA email in August, which led to the exfiltration of files with personal data.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/us-defense-contractor-discloses-data-breach">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31920">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 17:53:52">
17:53
       </div>

       <div class="text">
<strong>🕴 Who&apos;s Minding Your Company&apos;s Crypto Decisions? 🕴</strong><br><br><code>Security teams must first evaluate security protocols and the reputation of the cryptocurrency payment platform before their companies can proceed to accept the alternative currency as payment.</code><br><br><a href="https://www.darkreading.com/edge-articles/companies-should-involve-infosec-before-accepting-cryptocurrency-payments">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31921">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:13">
21:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41230 ‼</strong><br><br><code>Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using `allowed_idp_claims` as part of policy. If using `allowed_idp_claims` and a user&apos;s claims are changed, Pomerium can make incorrect authorization decisions. This issue has been resolved in v0.15.6. For users unable to upgrade clear data on `databroker` service by clearing redis or restarting the in-memory databroker to force claims to be updated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41230">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31922">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:14">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41216 ‼</strong><br><br><code>TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the indices in `perm` are all valid. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41216">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31923">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:15">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41221 ‼</strong><br><br><code>TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the `input`, `input_h` and `input_c` parameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41221">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31924">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:17">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-22222 ‼</strong><br><br><code>Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22222">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31925">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:19">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41225 ‼</strong><br><br><code>TensorFlow is an open source platform for machine learning. In affected versions TensorFlow&apos;s Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left unitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41225">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31926">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:20">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-22225 ‼</strong><br><br><code>Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22225">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31927">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:21">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41222 ‼</strong><br><br><code>TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault is an attacker supplies negative arguments. This occurs whenever `size_splits` contains more than one value and at least one value is negative. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41222">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31928">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:22">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-22224 ‼</strong><br><br><code>Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22224">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31929">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:24">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41250 ‼</strong><br><br><code>Python discord bot is the community bot for the Python Discord community. In affected versions when a non-blacklisted URL and an otherwise triggering filter token is included in the same message the token filter does not trigger. This means that by including any non-blacklisted URL moderation filters can be bypassed. This issue has been resolved in commit 67390298852513d13e0213870e50fb3cff1424e0</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41250">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31930">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:25">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41228 ‼</strong><br><br><code>TensorFlow is an open source platform for machine learning. In affected versions TensorFlow&apos;s `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41228">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31931">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:26">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41208 ‼</strong><br><br><code>TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures) as well as abuse undefined behavior (binding references to `nullptr`s). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs. We will deprecate TensorFlow&apos;s boosted trees APIs in subsequent releases. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41208">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31932">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:28">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41218 ‼</strong><br><br><code>TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll` can be made to execute a division by 0. This occurs whenever the `split_count` argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41218">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31933">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:29">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41209 ‼</strong><br><br><code>TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41209">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31934">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:31">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41220 ‼</strong><br><br><code>TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been `std::move()`d from are still accessed. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41220">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31935">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:32">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41227 ‼</strong><br><br><code>TensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the `tstring` TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41227">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31936">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:34">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-22223 ‼</strong><br><br><code>Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22223">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31937">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:35">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-22226 ‼</strong><br><br><code>Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22226">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31938">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:36">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41213 ‼</strong><br><br><code>TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41213">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31939">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:37">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41207 ‼</strong><br><br><code>TensorFlow is an open source platform for machine learning. In affected versions the implementation of `ParallelConcat` misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41207">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31940">

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 21:26:38">
21:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41251 ‼</strong><br><br><code>@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some cases, when user information was missing, destinations were cached without user information, allowing other users to retrieve the same destination with its permissions. By default, destination caching is disabled. The security for caching has been increased. The changes are released in version 1.52.0. Users unable to upgrade are advised to disable destination caching (it is disabled by default).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41251">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31941">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="05.11.2021 22:54:07">
22:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SecureAuth Buys Acceptto to Deliver Low-Friction Authentication to Enterprises 🕴</strong><br><br><code>Acceptto’s contextual behavior threat intelligence technology will help SecureAuth deliver AI-driven MFA and continuous password-less authentication, SecureAuth says.</code><br><br><a href="https://www.darkreading.com/dr-tech/secureauth-buys-acceptto-to-deliver-low-friction-authentication-to-enterprises">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-944">

      <div class="body details">
7 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message31942">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="07.11.2021 14:57:59">
14:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37471 ‼</strong><br><br><code>A restricted shell escape sequence is possible on Cradlepoint IBR900-600 7.2.60 devices that can lead to an attacker denying the availability of all console or SSH command-line access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37471">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31943">

      <div class="body">

       <div class="pull_right date details" title="07.11.2021 14:58:00">
14:58
       </div>

       <div class="text">
<strong>‼ CVE-2020-23130 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23130">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31944">

      <div class="body">

       <div class="pull_right date details" title="07.11.2021 14:58:01">
14:58
       </div>

       <div class="text">
<strong>‼ CVE-2020-23129 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23129">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-945">

      <div class="body details">
8 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message31945">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 03:28:31">
03:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-31601 ‼</strong><br><br><code>An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all databases connection details and credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31601">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31946">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 03:28:32">
03:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42073 ‼</strong><br><br><code>An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a client label that identifies a valid client configuration. This label is &quot;Unnamed&quot; by default but could instead be guessed from hostnames or other publicly available information. In the active session state, an attacker can capture input device events from the server, and also modify the clipboard content on the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42073">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31947">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 03:28:33">
03:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-31602 ‼</strong><br><br><code>An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml file. The default configuration allows an unauthenticated user with no previous knowledge of the platform settings to extract pieces of information without possessing valid credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31602">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31948">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 03:28:34">
03:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42371 ‼</strong><br><br><code>lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42371">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31949">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 03:28:35">
03:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-31599 ‼</strong><br><br><code>An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the production of complex reports. An authenticated user can run arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31599">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31950">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 03:28:36">
03:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-34684 ‼</strong><br><br><code>Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as demonstrated by an api/repos/dashboards/editor URI.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34684">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31951">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 03:28:38">
03:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-34685 ‼</strong><br><br><code>UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed (and leads to remote code execution).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34685">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31952">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 03:28:39">
03:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42077 ‼</strong><br><br><code>PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database system. It can also be used to bypass the login form.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42077">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31953">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 03:28:40">
03:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42372 ‼</strong><br><br><code>A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42372">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31954">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 03:28:41">
03:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42078 ‼</strong><br><br><code>PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the site.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42078">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31955">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 03:28:42">
03:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-31600 ‼</strong><br><br><code>An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all valid usernames.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31600">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31956">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 03:28:43">
03:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42074 ‼</strong><br><br><code>An issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentation fault in the barriers component (aka the server-side implementation of Barrier) by quickly opening and closing TCP connections while sending a Hello message for each TCP session.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42074">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31957">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 03:28:44">
03:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42072 ‼</strong><br><br><code>An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identify of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks that could lead to information leaks or integrity corruption.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42072">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31958">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 03:28:45">
03:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42075 ‼</strong><br><br><code>An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An unauthenticated remote attacker can thus cause file descriptor exhaustion in the server process, leading to denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42075">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31959">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 03:28:46">
03:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42076 ‼</strong><br><br><code>An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barriers component (aka the server-side implementation of Barrier) and barrierc by sending long TCP messages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42076">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31960">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 03:28:47">
03:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-42370 ‼</strong><br><br><code>A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42370">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31961">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 10:28:21">
10:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 3 Ways to Deal With the Trojan Source Attack 🕴</strong><br><br><code>These scripts and commands can be used to block the Trojan Source attack.</code><br><br><a href="https://www.darkreading.com/dr-tech/3-ways-to-deal-with-the-trojan-source-attack">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31962">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 11:08:42">
11:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Interpol issues arrest warrants for members of Clop ransomware gang 🗓️</strong><br><br><code>Wanted: cybercriminals behind global malware campaign</code><br><br><a href="https://portswigger.net/daily-swig/interpol-issues-arrest-warrants-for-members-of-clop-ransomware-gang">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31963">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 11:38:45">
11:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Campaigning lawyers launch counter-offensive against software patent trolls 🗓️</strong><br><br><code>Stemming the tide of ‘stupid software patents and the trolls they feed’</code><br><br><a href="https://portswigger.net/daily-swig/campaigning-lawyers-launch-counter-offensive-against-software-patent-trolls">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31964">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 12:28:26">
12:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Could Cyber Diplomacy Be the Ultimate Answer to American Ransomware Woes? 🕴</strong><br><br><code>Incentives for good conduct and deterrents for bad behavior in cyberspace are impossible to effectively establish and enforce without international collaboration and commitment.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/could-cyber-diplomacy-be-the-ultimate-answer-to-american-ransomware-woes-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31965">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 12:28:27">
12:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-32482 ‼</strong><br><br><code>Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32482">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31966">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 12:28:29">
12:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-32483 ‼</strong><br><br><code>Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32483">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31967">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 12:28:30">
12:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-30132 ‼</strong><br><br><code>Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30132">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31968">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 12:28:32">
12:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-29243 ‼</strong><br><br><code>Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29243">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31969">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 12:28:33">
12:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-22051 ‼</strong><br><br><code>Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22051">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31970">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 12:28:35">
12:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-37850 ‼</strong><br><br><code>ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37850">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31971">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 12:28:37">
12:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-29994 ‼</strong><br><br><code>Cloudera Hue 4.6.0 allows XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29994">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31972">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 12:28:38">
12:28
       </div>

       <div class="text">
<strong>‼ CVE-2021-32481 ‼</strong><br><br><code>Cloudera Hue 4.6.0 allows XSS via the type parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32481">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31973">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 13:28:37">
13:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Valeo Networks Acquires On Time Tech, Accelerating National Growth Strategy 🕴</strong><br><br><code>Through this latest acquisition, the company adds two more California locations.</code><br><br><a href="https://www.darkreading.com/operations/valeo-networks-acquires-on-time-tech-accelerating-national-growth-strategy">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31974">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 13:38:48">
13:38
       </div>

       <div class="text">
<strong>🗓️ Mozilla disables ‘low usage’ encryption feature to resolve Thunderbird HTTP/2 vulnerability 🗓️</strong><br><br><code>Multiple flaws in email client resolved with security update</code><br><br><a href="https://portswigger.net/daily-swig/mozilla-disables-low-usage-encryption-feature-to-resolve-thunderbird-http-2-vulnerability">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31975">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 13:41:48">
13:41
       </div>

       <div class="text">
<strong>❌ Zoho Password Manager Flaw Torched by Godzilla Webshell ❌</strong><br><br><code>A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far (technology, defense, healthcare, energy and education), deploying the Godzilla webshell and […]</code><br><br><a href="https://threatpost.com/zoho-password-manager-flaw-godzilla-webshell/176063/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31976">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 13:58:33">
13:58
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Arctic Wolf Security Operations Cloud Reaches Massive Scale and a Global Footprint 🕴</strong><br><br><code>Global business momentum and technical advancements position the Arctic Wolf platform as a category-defining Security Operations solution</code><br><br><a href="https://www.darkreading.com/operations/arctic-wolf-security-operations-cloud-reaches-massive-scale-and-a-global-footprint">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31977">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 13:58:35">
13:58
       </div>

       <div class="text">
<strong>🕴 Kaspersky Finds DDoS Attacks in Q3 Grow by 24%, Become More Sophisticated 🕴</strong><br><br><code>The total number of smart attacks (advanced DDoS attacks that are often targeted) increased by 31% when compared to the same period last year.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/kaspersky-finds-ddos-attacks-in-q3-grow-by-24-become-more-sophisticated">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31978">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 13:58:37">
13:58
       </div>

       <div class="text">
<strong>🕴 Banking Malware Threats Surging as Mobile Banking Increases – Nokia Threat Intelligence Report 🕴</strong><br><br><code>The Nokia 2021 Threat Intelligence Report announced today shows that banking malware threats are sharply increasing as cyber criminals target the rising popularity of mobile banking on smartphones, with plots aimed at stealing personal banking credentials and credit card information.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/banking-malware-threats-surging-as-mobile-banking-increases-nokia-threat-intelligence-report">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31979">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 14:28:59">
14:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41733 ‼</strong><br><br><code>Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41733">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31980">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 14:29:01">
14:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-28023 ‼</strong><br><br><code>Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version &lt; 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28023">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31981">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 14:29:02">
14:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-28024 ‼</strong><br><br><code>Unauthorized system access in the login form in ServiceTonic Helpdesk software version &lt; 9.0.35937 allows attacker to login without using a password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28024">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31982">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 14:29:03">
14:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-25979 ‼</strong><br><br><code>Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users&apos; sessions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25979">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31983">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 14:29:04">
14:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-42770 ‼</strong><br><br><code>A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42770">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31984">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 14:29:06">
14:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-28022 ‼</strong><br><br><code>Blind SQL injection in the login form in ServiceTonic Helpdesk software &lt; 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28022">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31985">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 14:29:07">
14:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-39182 ‼</strong><br><br><code>EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39182">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31986">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 14:39:13">
14:39
       </div>

       <div class="text">
<strong>🗓️ Pwn2Own Austin 2021: Synacktiv crowned Masters of Pwn after Sonos One, WD NAS exploits 🗓️</strong><br><br><code>French team takes home nearly $200k in winnings as event uncovers 61 zero days</code><br><br><a href="https://portswigger.net/daily-swig/pwn2own-austin-2021-synacktiv-crowned-masters-of-pwn-after-sonos-one-wd-nas-exploits">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message31987">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:07">
16:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-24706 ‼</strong><br><br><code>The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24706">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31988">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:10">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-29843 ‼</strong><br><br><code>IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29843">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31989">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:13">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24627 ‼</strong><br><br><code>The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an &apos;id&apos; GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24627">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31990">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:15">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24816 ‼</strong><br><br><code>The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenix_media_rename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24816">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31991">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:16">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24791 ‼</strong><br><br><code>The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the &quot;orderby&quot; and &quot;order&quot; request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24791">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31992">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:18">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24537 ‼</strong><br><br><code>The Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP code in an hardened environment (ie with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the &apos;widget_rrm_similar_posts_condition&apos; widget setting of the plugin.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24537">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31993">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:20">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24806 ‼</strong><br><br><code>The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary comment, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged in users post arbitrary comment.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24806">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31994">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:22">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24832 ‼</strong><br><br><code>The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24832">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31995">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:24">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24625 ‼</strong><br><br><code>The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the &apos;parent&apos; and &apos;ordering&apos; parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24625">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31996">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:25">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24840 ‼</strong><br><br><code>The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24840">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31997">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:26">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24575 ‼</strong><br><br><code>The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to teachers and above.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24575">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31998">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:28">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24631 ‼</strong><br><br><code>The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authenticated SQL Injection</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24631">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message31999">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:29">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24835 ‼</strong><br><br><code>The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection attacks</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24835">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32000">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:31">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-29735 ‼</strong><br><br><code>IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29735">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32001">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:33">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-40577 ‼</strong><br><br><code>A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40577">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32002">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:35">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24698 ‼</strong><br><br><code>The Simple Download Monitor WordPress plugin before 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24698">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32003">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:38">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24844 ‼</strong><br><br><code>The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24844">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32004">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:39">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24827 ‼</strong><br><br><code>The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24827">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32005">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:40">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24697 ‼</strong><br><br><code>The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24697">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32006">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:29:41">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-24669 ‼</strong><br><br><code>The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24669">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32007">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:36:04">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-24829 ‼</strong><br><br><code>The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24829">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32008">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:36:05">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-24695 ‼</strong><br><br><code>The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24695">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32009">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:36:06">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-4160 ‼</strong><br><br><code>IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174340.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4160">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32010">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 16:36:09">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-4153 ‼</strong><br><br><code>IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174269.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4153">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32011">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 17:10:40">
17:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs ❌</strong><br><br><code>Researchers have uncovered a large, tangled web of infrastructure being used to enable a wide variety of cyberattacks.</code><br><br><a href="https://threatpost.com/zebra2104-initial-access-broker-malware-apts/176075/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32012">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 17:29:28">
17:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 What My Optometrist Taught Me About InfoSec Presentations 🕴</strong><br><br><code>A broken pair of eyeglasses brings into focus an important lesson about how to tailor security messages to the right audience.</code><br><br><a href="https://www.darkreading.com/edge-articles/infosec-pros-need-to-know-their-audience">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32013">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 18:10:42">
18:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ DDoS Attacks Shatter Records in Q3, Report Finds   ❌</strong><br><br><code>Q3 DDoS attacks topped thousands daily, with more growth expected.</code><br><br><a href="https://threatpost.com/ddos-attacks-records-q3/176082/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32014">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 18:31:09">
18:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Investor Group to Acquire McAfee for $14B 🕴</strong><br><br><code>The group, made up of Advent, Permira, Crosspoint Capital, CPP Investments, GIC, and ADIA, will take ownership of McAfee.</code><br><br><a href="https://www.darkreading.com/endpoint/investor-group-to-acquire-mcafee-for-14b">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32015">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 18:31:10">
18:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-39420 ‼</strong><br><br><code>Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter in search_all.php and the (2) msg parameter in add.attach.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39420">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32016">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 18:31:12">
18:31
       </div>

       <div class="text">
<strong>‼ CVE-2021-41170 ‼</strong><br><br><code>### Impact Versions prior 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by mistake or maliciously. In theory all users of the package are affected as long as they either deal with direct user input or database values. A multi-step attack on is therefore plausible. ### Patches Version 1.1.1 has addressed this vulnerability. ```php $params = [ &apos;reverse&apos; =&gt; fn($input) =&gt; strrev($input), // &lt;-- no longer possible with version ~1.1.1 &apos;value&apos; =&gt; &apos;My website&apos; ] TemplateFunctions::registerClosure(&apos;reverse&apos;, fn($input) =&gt; strrev($input)); // &lt;-- still possible (and nicely isolated) Template::embrace(&apos;&lt;h1&gt;{{reverse(value)}}&lt;/h1&gt;&apos;, $params); ``` ### Workarounds Unfortunately only working with hardcoded values is safe in prior versions. As this likely defeats the purpose of a template engine, please upgrade. ### References As a possible exploit is relatively easy to achieve, I will not share steps to reproduce the issue for now. ### For more information If you have any questions or comments about this advisory: * Open an issue in [our repo](https://github.com/sroehrl/neoan3-template)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41170">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32017">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 19:29:15">
19:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 What Security Strategies Are Driving InfoSec&apos;s Decisions Around Defense? 🕴</strong><br><br><code>The data shows security leaders are focusing on multilayered defenses, including multifactor authentication, threat intelligence, and incident response.</code><br><br><a href="https://www.darkreading.com/tech-trends/what-security-strategies-are-driving-infosec-decisions-around-defense">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32018">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 19:49:58">
19:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Kaseya ransomware suspect nabbed in Poland, $6m seized from absent colleague ⚠</strong><br><br><code>Suspects nabbed, millions seized, in ransomware busts across the globe.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/08/kaseya-ransomware-suspect-nabbed-in-poland-6m-seized-from-absent-colleague/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32019">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 20:19:43">
20:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Europol arrests three suspects possibly involved in major ransomware activities 🦿</strong><br><br><code>Europol announced new arrests during its &quot;Operation GoldDust.&quot; The suspects may have been heavily involved in the Sodinokibi/REvil and GandCrab ransomware activities.</code><br><br><a href="https://www.techrepublic.com/article/europol-arrests-three-suspects-possibly-involved-in-major-ransomware-activities/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32020">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 20:29:11">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-41253 ‼</strong><br><br><code>Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer within their custom formatter hooks can run into heap buffer overflows. Older versions of Zydis failed to properly initialize the string object within the formatter buffer, forgetting to initialize a few fields, leaving their value to chance. This could then in turn cause zycore functions like `ZyanStringAppend` to make incorrect calculations for the new target size, resulting in heap memory corruption. This does not affect the regular uncustomized Zydis formatter, because Zydis internally doesn&apos;t use the string functions in zycore that act upon these fields. However, because the zycore string functions are the intended way to work with the formatter buffer for users of the library that wish to extend the formatter, we still consider this to be a vulnerability in Zydis. This bug is patched starting in version 3.2.1. As a workaround, users may refrain from using zycore string functions in their formatter hooks until updating to a patched version.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41253">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32021">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 20:29:12">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2020-23572 ‼</strong><br><br><code>BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23572">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32022">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 20:29:13">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-40260 ‼</strong><br><br><code>Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 via the (1) eid parameter in (a) partedit.php and (b) customeredit.php, the (2) id parameter in (a) editmeasurement.php and (b) addpayment.php, and the (3) error parameter in index.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40260">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32023">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 20:29:14">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-40261 ‼</strong><br><br><code>Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) user_username and (2) category parameters in save_class.php, the (3) firstname, (4) class, and (5) status parameters in student_table.php, the (6) category and (7) class_name parameters in add_class1.php, the (8) fname, (9) mname,(10) lname, (11) address, (12) class, (13) gfname, (14) gmname, (15) glname, (16) rship, (17) status, (18) transport, and (19) route parameters in add_student.php, the (20) fname, (21) mname, (22) lname, (23) address, (24) class, (25) fgname, (26) gmname, (27) glname, (28) rship, (29) status, (30) transport, and (31) route parameters in save_stud.php,the (32) status, (33) fname, and (34) lname parameters in add_user.php, the (35) username, (36) firstname, and (37) status parameters in users.php, the (38) fname, (39) lname, and (40) status parameters in save_user.php, and the (41) activity_log, (42) aprjun, (43) class, (44) janmar, (45) Julsep,(46) octdec, (47) Students and (48) users parameters in table_name.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40261">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32024">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 20:29:15">
20:29
       </div>

       <div class="text">
<strong>🕴 US Charges Ukrainian National for Kaseya Ransomware Attack 🕴</strong><br><br><code>Yaroslav Vasinskyi is one of seven individuals believed to be responsible for deploying REvil ransomware in attacks against 5,000 organizations.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/us-charges-ukrainian-national-for-kaseya-ransomware-attack">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32025">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 20:59:22">
20:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 UL Launches SafeCyber Platform to Secure IoT 🕴</strong><br><br><code>UL’s SafeCyber will allow organizations to manage cybersecurity governance and processes as well as speed up time spent on firmware development.</code><br><br><a href="https://www.darkreading.com/dr-tech/ul-launches-safecyber-platform-to-secure-iot">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32026">

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 21:10:48">
21:10
       </div>

       <div class="text">
<strong>❌ REvil Affiliates Arrested; DOJ Seizes $6.1M in Ransom ❌</strong><br><br><code>The U.S. is seeking the extradition of a Ukrainian man, Yaroslav Vasinskyi, whom they suspect is behind the Kaseya supply-chain attacks and other REvil attacks.</code><br><br><a href="https://threatpost.com/revil-affiliates-arrested-doj-europol/176087/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32027">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="08.11.2021 23:18:08">
23:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ REvil Ransom Arrest, $6M Seizure, and $10M Reward ♟️</strong><br><br><code>The U.S. Department of Justice said today it arrested a Ukrainian man who deployed ransomware on behalf of the REvil ransomware gang, a Russian cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 million in cryptocurrency sent to another REvil affiliate, and that the State Department is now offering up to $10 million for information leading to the arrest of any key leaders of REvil.</code><br><br><a href="https://krebsonsecurity.com/2021/11/revil-ransom-arrest-6m-seizure-and-10m-reward/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-946">

      <div class="body details">
9 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32028">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 09:50:10">
09:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more! ⚠</strong><br><br><code>The crooks have shown that they&apos;re willing to learn and adapt their attacks, so we need to make sure we learn and adapt, too.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32029">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:29:58">
10:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40359 ‼</strong><br><br><code>A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions &lt; V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40359">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32030">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:29:59">
10:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-40366 ‼</strong><br><br><code>A vulnerability has been identified in Climatix POL909 (AWM module) (All versions &lt; V11.34). The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40366">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32031">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:00">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31884 ‼</strong><br><br><code>A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions &lt; V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The DHCP client application assumes that the data supplied with the “Hostnameâ€� DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31884">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32032">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:02">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-42025 ‼</strong><br><br><code>A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions &lt; V8.18.13), Mendix Applications using Mendix 9 (All versions &lt; V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow authenticated attackers to manipulate the content of System.FileDocument objects in some cases, regardless whether they have write access to it.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42025">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32033">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:04">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31888 ‼</strong><br><br><code>A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions &lt; V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the “MKD/XMKDâ€� command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31888">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32034">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:06">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-42021 ‼</strong><br><br><code>A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow to read arbitrary files on the server that are outside the application’s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42021">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32035">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:08">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-40358 ‼</strong><br><br><code>A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions &lt; V7.5 SP2 Update 5). Legitimate file operations of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40358">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32036">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:10">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-10052 ‼</strong><br><br><code>A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions &lt; V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10052">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32037">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:13">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31883 ‼</strong><br><br><code>A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions &lt; V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31883">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32038">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:14">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-10053 ‼</strong><br><br><code>A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions &lt; V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10053">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32039">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:16">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31344 ‼</strong><br><br><code>A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions &lt; V2017.02.4), Nucleus ReadyStart V4 (All versions &lt; V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31344">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32040">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:18">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31890 ‼</strong><br><br><code>A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions &lt; V2017.02.4), Nucleus ReadyStart V4 (All versions &lt; V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31890">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32041">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:22">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-37207 ‼</strong><br><br><code>A vulnerability has been identified in SENTRON powermanager V3 (All versions). The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37207">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32042">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:24">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-42026 ‼</strong><br><br><code>A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions &lt; V8.18.13), Mendix Applications using Mendix 9 (All versions &lt; V9.6.2). Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow authenticated attackers to retrieve the changedDate attribute of arbitrary objects, even when they don&apos;t have read access to them.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42026">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32043">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:27">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31889 ‼</strong><br><br><code>A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions &lt; V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31889">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32044">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:29">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31885 ‼</strong><br><br><code>A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions &lt; V2017.02.4), Nucleus ReadyStart V4 (All versions &lt; V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31885">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32045">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:31">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-42015 ‼</strong><br><br><code>A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions &lt; V7.23.26), Mendix Applications using Mendix 8 (All versions &lt; V8.18.12), Mendix Applications using Mendix 9 (All versions &lt; V9.6.1). Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42015">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32046">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:33">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31887 ‼</strong><br><br><code>A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions &lt; V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the “PWD/XPWDâ€� command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31887">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32047">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:36">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31345 ‼</strong><br><br><code>A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions &lt; V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31345">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32048">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 10:30:39">
10:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-31346 ‼</strong><br><br><code>A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions &lt; V2017.02.4), Nucleus ReadyStart V4 (All versions &lt; V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31346">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32049">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 11:23:28">
11:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Multiple BusyBox Security Bugs Threaten Embedded Linux Devices ❌</strong><br><br><code>Researchers discovered 14 vulnerabilities in the ‘Swiss Army Knife’ of the embedded OS used in many OT and IoT environments. They allow RCE, denial of service and data leaks.</code><br><br><a href="https://threatpost.com/busybox-security-bugs-linux-devices/176098/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32050">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 11:39:18">
11:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Security breach at trading platform Robinhood sparks phishing fears 🗓️</strong><br><br><code>Social engineering attack exposes email addresses of five million investors</code><br><br><a href="https://portswigger.net/daily-swig/security-breach-at-trading-platform-robinhood-sparks-phishing-fears">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32051">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 12:11:19">
12:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Robinhood Trading Platform Data Breach Hits 7M Customers ❌</strong><br><br><code>The cyberattacker attempted to extort the company after socially engineering a customer service employee to gain access to email addresses and more.</code><br><br><a href="https://threatpost.com/robinhood-trading-platform-data-breach/176106/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32052">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 12:30:39">
12:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 The State of the CISO 🕴</strong><br><br><code>Dark Reading survey shows security officer influence is on the rise.</code><br><br><a href="https://www.darkreading.com/risk/the-state-of-the-ciso">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32053">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 12:30:41">
12:30
       </div>

       <div class="text">
<strong>🕴 Building Bridges to a More Secure Hybrid Workplace 🕴</strong><br><br><code>Wherever workers chose to do their jobs, they need technology that&apos;s unobtrusive, secure by design, and intuitive to use.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/building-bridges-to-a-more-secure-hybrid-workplace">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32054">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 12:34:59">
12:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-43519 ‼</strong><br><br><code>Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43519">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32055">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 12:35:00">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-3641 ‼</strong><br><br><code>Improper Link Resolution Before File Access (&apos;Link Following&apos;) vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3641">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32056">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 12:35:01">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43114 ‼</strong><br><br><code>FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43114">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32057">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 12:35:02">
12:35
       </div>

       <div class="text">
<strong>‼ CVE-2019-18916 ‼</strong><br><br><code>A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18916">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32058">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 13:00:49">
13:00
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SafeBreach Closes $53.5 Million Series D in New Funding to Fuel Momentum 🕴</strong><br><br><code>The new capital will fuel the company&apos;s plans to expand its market footprint to new geographies and evolve its offerings in response to client needs.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/safebreach-closes-53-5-million-series-d-in-new-funding-to-fuel-momentum">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32059">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 13:09:23">
13:09
       </div>

       <div class="text">
<strong>🗓️ bZx crypto heist results in reported losses of more than $55 million 🗓️</strong><br><br><code>BSC and Polygon funds drained – but Ethereum contracts ‘safe’ – following phishing attack</code><br><br><a href="https://portswigger.net/daily-swig/bzx-crypto-heist-results-in-reported-losses-of-more-than-55-million">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32060">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 13:12:24">
13:12
       </div>

       <div class="text">
<strong>❌ The New Frontier of Enterprise Risk: Nth Parties ❌</strong><br><br><code>The average number of vulnerabilities discovered in a Cyberpion scan of external Fortune 500 networks (such as cloud systems) was 296, many critical (with the top of the scale weighing in at a staggering 7,500).</code><br><br><a href="https://threatpost.com/enterprise-risk-nth-parties/176114/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32061">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 13:12:26">
13:12
       </div>

       <div class="text">
<strong>❌ Security Tool Guts: How Much Should Customers See? ❌</strong><br><br><code>Yaron Kassner, CTO of Silverfort, delves into the pros and cons of transparency when it comes to cybersecurity tools’ algorithms.</code><br><br><a href="https://threatpost.com/security-tool-transparency/176113/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32062">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 13:50:00">
13:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 US amps up war on ransomware with charges against REvil attackers 🦿</strong><br><br><code>One person fingered for the July 2021 attack against Kaseya is in custody, while the other individual is still at large.</code><br><br><a href="https://www.techrepublic.com/article/us-amps-up-war-on-ransomware-with-charges-against-revil-attackers/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32063">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:01:02">
14:01
       </div>

       <div class="text">
<strong>🕴 83% of Critical Infrastructure Organizations Suffered Breaches, 2021 Cybersecurity Research Reveals 🕴</strong><br><br><code>Supply chain and third-party risk is a major threat to operational technology.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/83-of-critical-infrastructure-organizations-suffered-breaches-2021-cybersecurity-research-reveals">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32064">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:07">
14:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43193 ‼</strong><br><br><code>In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43193">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32065">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:11">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43201 ‼</strong><br><br><code>In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43201">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32066">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:13">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43187 ‼</strong><br><br><code>In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43187">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32067">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:17">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43186 ‼</strong><br><br><code>JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43186">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32068">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:19">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43183 ‼</strong><br><br><code>In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43183">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32069">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:21">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2019-16240 ‼</strong><br><br><code>A Buffer Overflow and Information Disclosure issue exists in HP OfficeJet Pro Printers before 001.1937C, and HP PageWide Managed Printers and HP PageWide Pro Printers before 001.1937D exists; A maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16240">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32070">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:23">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43197 ‼</strong><br><br><code>In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43197">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32071">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:25">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43180 ‼</strong><br><br><code>In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43180">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32072">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:26">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43203 ‼</strong><br><br><code>In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43203">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32073">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:28">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2019-18914 ‼</strong><br><br><code>A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18914">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32074">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:29">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43194 ‼</strong><br><br><code>In JetBrains TeamCity before 2021.1.2, user enumeration was possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43194">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32075">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:30">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43199 ‼</strong><br><br><code>In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43199">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32076">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:32">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43192 ‼</strong><br><br><code>In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43192">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32077">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:35">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43196 ‼</strong><br><br><code>In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43196">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32078">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:36">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43198 ‼</strong><br><br><code>In JetBrains TeamCity before 2021.1.2, stored XSS is possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43198">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32079">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:39">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43184 ‼</strong><br><br><code>In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43184">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32080">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:40">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43200 ‼</strong><br><br><code>In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43200">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32081">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:41">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43188 ‼</strong><br><br><code>In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43188">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32082">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:42">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43195 ‼</strong><br><br><code>In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43195">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32083">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 14:35:44">
14:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43181 ‼</strong><br><br><code>In JetBrains Hub before 2021.1.13690, stored XSS is possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43181">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32084">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:15">
15:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 Avast Antivirus Free review: Our free favourite for older Windows PCs 📢</strong><br><br><code>Effective free antivirus that’ll work on operating systems all the way back to Windows 7</code><br><br><a href="https://www.itpro.co.uk/security/antivirus/361466/avast-antivirus-free-review-our-free-favourite-for-older-windows-pcs">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32085">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:17">
15:04
       </div>

       <div class="text">
<strong>📢 Sitecore XP RCE vulnerability actively exploited, ACSC warns 📢</strong><br><br><code>Flaw was fixed last month but hackers now moving against patching laggards</code><br><br><a href="https://www.itpro.co.uk/security/vulnerability/361486/sitecore-xp-rce-vulnerability-actively-exploited-acsc-warns">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32086">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:19">
15:04
       </div>

       <div class="text">
<strong>📢 Investor group snaps up McAfee for $14 billion 📢</strong><br><br><code>The cyber security firm is to be taken private just a year after it returned to the stock market</code><br><br><a href="https://www.itpro.co.uk/business-strategy/mergers-and-acquisitions/361478/investor-group-snaps-up-mcafee-for-14-billion">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32087">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:21">
15:04
       </div>

       <div class="text">
<strong>📢 Expired certificate to blame for broken Windows 11 apps 📢</strong><br><br><code>Microsoft has released a patch but users are still unable to access the Snipping Tool</code><br><br><a href="https://www.itpro.co.uk/operating-systems/microsoft-windows/361458/expired-certificate-blamed-broken-windows-11-apps">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32088">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:23">
15:04
       </div>

       <div class="text">
<strong>📢 A guide to cyber security certification and training 📢</strong><br><br><code>Cyber security skills are in demand from every organisation, but what training and certification is needed?</code><br><br><a href="https://www.itpro.co.uk/careers/28212/a-guide-to-cyber-security-certification-and-training">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32089">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:25">
15:04
       </div>

       <div class="text">
<strong>📢 Vulnerability in Linux kernel could let hackers remotely take over systems 📢</strong><br><br><code>Heap overflow attacks can exploit TIPC module in all common Linux distributions</code><br><br><a href="https://www.itpro.co.uk/software/operating-systems/361462/vulnerability-in-linux-kernel-could-let-hackers-remotely-take">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32090">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:26">
15:04
       </div>

       <div class="text">
<strong>📢 What is Maze ransomware? 📢</strong><br><br><code>This Windows ransomware has targeted many organisations worldwide</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/360334/what-is-maze-ransomware">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32091">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:28">
15:04
       </div>

       <div class="text">
<strong>📢 US government sanctions crypto-exchange Chatex over ransomware allegations 📢</strong><br><br><code>Treasury department moves to sanction another exchange following restriction of Suex in September</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361483/us-government-sanctions-crypto-exchange-chatex-over-ransomware">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32092">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:29">
15:04
       </div>

       <div class="text">
<strong>📢 Proofpoint impersonator steal Microsoft, Google logins in phishing campaign 📢</strong><br><br><code>Clever hackers dodged Microsoft security by pretending to be a cyber security firm</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361477/proofpoint-impersonator-grabs-microsoft-365-and-google-logins-in">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32093">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:31">
15:04
       </div>

       <div class="text">
<strong>📢 Researcher awarded $50,000 for discovering Samsung Galaxy S21 hack 📢</strong><br><br><code>UK researcher Sam Thomas won the Pwn2Own bounty using a &quot;unique three-bug chain&quot;</code><br><br><a href="https://www.itpro.co.uk/security/hacking/361455/experts-break-into-samsung-galaxy-s21-twice-at-pwn2own-hacking-event">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32094">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:32">
15:04
       </div>

       <div class="text">
<strong>📢 Counting the consequences of cyber attacks 📢</strong><br><br><code>How can governments respond to the growing risk of online attacks by hostile nations?</code><br><br><a href="https://www.itpro.co.uk/security/cyber-warfare/361305/counting-the-consequences-of-cyberattacks">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32095">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:34">
15:04
       </div>

       <div class="text">
<strong>📢 Fake Steam phishing baits victims with free Discord Nitro 📢</strong><br><br><code>Victims end up on a fake page where their credentials are stolen</code><br><br><a href="https://www.itpro.co.uk/security/phishing/361446/fake-steam-phishing-baits-victims-with-free-discord-nitro">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32096">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:36">
15:04
       </div>

       <div class="text">
<strong>📢 US offers $10 million for information on BlackMatter ransomware operators 📢</strong><br><br><code>The sizeable reward will be given to anyone who can aid the investigation into those believed to be behind the Colonial Pipeline attack</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361457/us-10-million-reward-blackmatter-ransomware-operator-arrests">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32097">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:38">
15:04
       </div>

       <div class="text">
<strong>📢 IoT privacy and security concerns 📢</strong><br><br><code>We take a look at what&apos;s needed to really secure internet-connected devices</code><br><br><a href="https://www.itpro.co.uk/security/28086/iot-privacy-security-concerns">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <a class="pagination block_link" href="messages33.html">
Next messages
     </a>

    </div>

   </div>

  </div>

 </body>

</html>