messages33.html

<!DOCTYPE html>
<html>

 <head>

  <meta charset="utf-8"/>
<title>Exported Data</title>
  <meta content="width=device-width, initial-scale=1.0" name="viewport"/>

  <link href="css/style.css" rel="stylesheet"/>

  <script src="js/script.js" type="text/javascript">

  </script>

 </head>

 <body onload="CheckLocation();">

  <div class="page_wrap">

   <div class="page_header">

    <div class="content">

     <div class="text bold">
🛡 Cybersecurity &amp; Privacy news 🛡 
     </div>

    </div>

   </div>

   <div class="page_body chat_page">

    <div class="history">

     <a class="pagination block_link" href="messages32.html">
Previous messages
     </a>

     <div class="message service" id="message-947">

      <div class="body details">
9 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32098">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:40">
15:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 CISA gives civilian agencies two weeks to patch recent security exploits 📢</strong><br><br><code>A total of 291 vulnerabilities have been detailed in an attempt to improve federal agency cyber security</code><br><br><a href="https://www.itpro.co.uk/security/vulnerability/361441/cisa-federal-agencies-cyber-security-patch-deadlines">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32099">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:42">
15:04
       </div>

       <div class="text">
<strong>📢 161% surge in mobile phishing pushes energy industry to its limits 📢</strong><br><br><code>Following Colonial Pipeline, crooks get a taste for energy companies</code><br><br><a href="https://www.itpro.co.uk/security/hacking/361443/161-surge-in-mobile-phishing-pushes-energy-industry-to-its-limits">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32100">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:44">
15:04
       </div>

       <div class="text">
<strong>📢 Labour Party unable to access data after suspected cyber attack on managed service provider 📢</strong><br><br><code>The incident is being investigated by both the National Crime Agency and the Information Commissioner&apos;s Office</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361439/labour-party-locked-out-of-data-after-cyber-attack-on-third-party">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32101">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:46">
15:04
       </div>

       <div class="text">
<strong>📢 Robinhood hack exposes data from millions of customers 📢</strong><br><br><code>An attacker socially engineered an employee at the stock-trading platform to gain access to customer support systems</code><br><br><a href="https://www.itpro.co.uk/security/hacking/361479/robinhood-hack-social-engineering-exposes-millions-customers">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32102">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:48">
15:04
       </div>

       <div class="text">
<strong>📢 A third of UK workers are surveilled by employers 📢</strong><br><br><code>The sharp rise in surveillance comes as it&apos;s revealed webcam monitoring has more than doubled</code><br><br><a href="https://www.itpro.co.uk/security/privacy/361472/one-in-three-uk-workers-now-surveilled-by-employers-at-home">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32103">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:04:50">
15:04
       </div>

       <div class="text">
<strong>📢 IT Pro News In Review: Microsoft pitches &apos;metaverse&apos;, Graff&apos;s celebrity data leak, Meta facial recognition 📢</strong><br><br><code>Catch up on the biggest headlines of the week in just two minutes</code><br><br><a href="https://www.itpro.co.uk/security/biometrics/361454/it-pro-news-in-review-microsoft-pitches-metaverse-graffs-celebrity-data">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32104">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:11:22">
15:11
       </div>

       <div class="text">
<strong>❌ 12 New Flaws Used in Ransomware Attacks in Q3 ❌</strong><br><br><code>The Q3 2021 report revealed a 4.5% increase in CVEs associated with ransomware and a 3.4% increase in ransomware families compared with Q2 2021.</code><br><br><a href="https://threatpost.com/12-new-flaws-used-in-ransomware-attacks-in-q3/176137/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32105">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:31:21">
15:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How to Minimize Ransomware&apos;s Trail of Destruction and Its Associated Costs 🕴</strong><br><br><code>One of the biggest mistakes an organization can make is blindly throwing technology at the problem instead of properly investing in building a security team.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/how-to-minimize-ransomware-s-trail-of-destruction-and-its-associated-costs">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32106">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:31:22">
15:31
       </div>

       <div class="text">
<strong>🕴 Zoho ManageEngine Flaw Highlights Risks of Race to Patch 🕴</strong><br><br><code>Attackers used a pre-auth vulnerability in a component of the enterprise management software suite to compromise businesses, highlighting the dangers of Internet-facing software.</code><br><br><a href="https://www.darkreading.com/risk/zoho-manageengine-flaw-highlights-risks-of-race-to-patch">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32107">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:50:30">
15:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Ransomware attacks are increasingly exploiting security vulnerabilities 🦿</strong><br><br><code>The number of security flaws associated with ransomware rose from 266 to 278 last quarter, according to security firm Ivanti.</code><br><br><a href="https://www.techrepublic.com/article/ransomware-attacks-are-increasingly-exploiting-security-vulnerabilities/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32108">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 15:50:32">
15:50
       </div>

       <div class="text">
<strong>🦿 Digital driver&apos;s licenses: Are they secure enough for us to trust? 🦿</strong><br><br><code>States should use a privacy by design approach instead of creating a new system to track purchases and other activities, according to security experts.</code><br><br><a href="https://www.techrepublic.com/article/digital-drivers-licenses-are-they-secure-enough-for-us-to-trust/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32109">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 16:35:12">
16:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43172 ‼</strong><br><br><code>NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of another CA using a different RRDP repository, a malicious CA can create a chain of CAs of de-facto infinite length. Routinator prior to version 0.10.2 did not contain a limit on the length of such a chain and will therefore continue to process this chain forever. As a result, the validation run will never finish, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43172">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32110">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 16:35:14">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43173 ‼</strong><br><br><code>In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP connections, this time-out was only applied to individual read or write operations rather than the complete request. Thus, if an RRDP repository sends a little bit of data before that time-out expired, it can continuously extend the time it takes for the request to finish. Since validation will only continue once the update of an RRDP repository has concluded, this delay will cause validation to stall, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43173">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32111">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 16:35:16">
16:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43174 ‼</strong><br><br><code>NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of white space in the encoded data. The gzip scheme compresses such white space extremely well, leading to very small compressed files that become huge when being decompressed for further processing, big enough that Routinator runs out of memory when parsing input data waiting for the next XML element.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43174">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32112">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 16:51:03">
16:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Kaspersky finds 31% increase in &quot;smart&quot; DDoS attacks 🦿</strong><br><br><code>The security company expects these attacks to keep rising through the end of the year.</code><br><br><a href="https://www.techrepublic.com/article/kaspersky-finds-31-increase-in-smart-ddos-attacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32113">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 17:30:58">
17:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Why Self-Learning AI Is Changing the Paradigm of ICS Security 🕴</strong><br><br><code>By focusing on the organization rather than the threat, AI can identify subtle changes in your digital environment that point to a cyber threat.</code><br><br><a href="https://www.darkreading.com/dr-tech/why-self-learning-ai-is-changing-the-paradigm-of-ics-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32114">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 17:43:00">
17:43
       </div>

       <div class="text">
<strong>❌ Not Punny: Angling Direct Breach Cripples Retailer for Days   ❌</strong><br><br><code>A U.K. fishing retailer’s site has been hijacked and redirected to Pornhub.</code><br><br><a href="https://threatpost.com/angling-direct-breach-cripples-retailer/176144/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32115">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 18:18:24">
18:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ Microsoft Patch Tuesday, November 2021 Edition ♟️</strong><br><br><code>Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today -- potentially giving adversaries a head start in figuring out how to exploit them.</code><br><br><a href="https://krebsonsecurity.com/2021/11/microsoft-patch-tuesday-november-2021-edition/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32116">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 18:21:28">
18:21
       </div>

       <div class="text">
<strong>🦿 Security pros say federal government should do more to protect and secure private sector 🦿</strong><br><br><code>A full 95% of professionals surveyed by Tripwire believe the government should play a bigger role in securing non-governmental companies.</code><br><br><a href="https://www.techrepublic.com/article/security-pros-say-federal-government-should-do-more-to-protect-and-secure-private-sector/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32117">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 18:35:18">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-28419 ‼</strong><br><br><code>During installation with certain driver software or application packages an arbitrary code execution could occur.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28419">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32118">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 18:35:20">
18:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-20119 ‼</strong><br><br><code>The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20119">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32119">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 19:11:28">
19:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs ❌</strong><br><br><code>Experts urged users to prioritize patches for Microsoft Exchange and Excel, those favorite platforms so frequently targeted by cybercriminals and nation-state actors.</code><br><br><a href="https://threatpost.com/microsoft-nov-patch-tuesday-fixes-six-zero-days-55-bugs/176143/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32120">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 19:20:11">
19:20
       </div>

       <div class="text">
<strong>🦿 It&apos;s time to dump Chrome as your default browser on Android 🦿</strong><br><br><code>Jack Wallen makes his case for Android users to switch from Chrome as their default browsers. He also shows you how.</code><br><br><a href="https://www.techrepublic.com/article/its-time-you-dump-chrome-as-your-default-browser-on-android/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32121">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 20:35:22">
20:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43569 ‼</strong><br><br><code>The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43569">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32122">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 20:35:23">
20:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43570 ‼</strong><br><br><code>The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43570">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32123">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 20:35:24">
20:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43572 ‼</strong><br><br><code>The verify function in the Stark Bank Python ECDSA library (ecdsa-python) 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43572">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32124">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 20:35:25">
20:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43568 ‼</strong><br><br><code>The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43568">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32125">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 20:35:26">
20:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-43571 ‼</strong><br><br><code>The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43571">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32126">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 20:38:23">
20:38
       </div>

       <div class="text">
<strong>🕴 Are You Planning for the Quantum, Transhumanist Threat? 🕴</strong><br><br><code>Breaking encryption in a day and hacking without visible devices are two threats that could become a reality in the next decade and beyond, experts say.</code><br><br><a href="https://www.darkreading.com/risk/are-you-planning-for-the-quantum-transhumanist-threat-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32127">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 20:38:24">
20:38
       </div>

       <div class="text">
<strong>🕴 Microsoft Fixes Exchange Server Zero-Day 🕴</strong><br><br><code>November security update contains patches for 55 bugs — including six zero-days across various products.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/microsoft-s-nov-security-update-contains-fix-for-exchange-server-0-day">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32128">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 22:35:27">
22:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43575 ‼</strong><br><br><code>** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43575">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32129">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 22:35:28">
22:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-35488 ‼</strong><br><br><code>Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&amp;title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35488">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32130">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 22:35:30">
22:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-35489 ‼</strong><br><br><code>Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&amp;host={HOSTNAME]&amp;service={SERVICENAME]&amp;backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35489">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32131">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 22:35:31">
22:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-37157 ‼</strong><br><br><code>An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config.pm has the root password in cleartext.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37157">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32132">

      <div class="body">

       <div class="pull_right date details" title="09.11.2021 22:35:32">
22:35
       </div>

       <div class="text">
<strong>‼ CVE-2021-37158 ‼</strong><br><br><code>An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. An authenticated attacker could inject OS commands by starting a Counter-Strike server and using the map field to enter a Bash command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37158">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-948">

      <div class="body details">
10 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32133">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 03:41:45">
03:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42292 ‼</strong><br><br><code>Microsoft Excel Security Feature Bypass Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42292">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32134">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 03:41:47">
03:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-41366 ‼</strong><br><br><code>Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41366">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32135">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 03:41:48">
03:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-42304 ‼</strong><br><br><code>Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42302, CVE-2021-42303.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42304">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32136">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 03:41:49">
03:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-42288 ‼</strong><br><br><code>Windows Hello Security Feature Bypass Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42288">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32137">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 03:41:50">
03:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-42279 ‼</strong><br><br><code>Chakra Scripting Engine Memory Corruption Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42279">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32138">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 03:41:51">
03:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-41367 ‼</strong><br><br><code>NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-41370, CVE-2021-42283.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41367">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32139">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 03:41:53">
03:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-41373 ‼</strong><br><br><code>FSLogix Information Disclosure Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41373">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32140">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 03:41:54">
03:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-41356 ‼</strong><br><br><code>Windows Denial of Service Vulnerability</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41356">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32141">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 03:41:55">
03:41
       </div>

       <div class="text">
<strong>‼ CVE-2021-42323 ‼</strong><br><br><code>Azure RTOS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26444, CVE-2021-42301.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42323">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32142">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 08:36:06">
08:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-31853 ‼</strong><br><br><code>DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31853">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32143">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 09:09:43">
09:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Apache Storm maintainers patch two pre-auth RCE vulnerabilities 🗓️</strong><br><br><code>High-risk issues were discovered by GitHub’s in-house security team</code><br><br><a href="https://portswigger.net/daily-swig/apache-storm-maintainers-patch-two-pre-auth-rce-vulnerabilities">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32144">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 10:36:17">
10:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-34598 ‼</strong><br><br><code>In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34598">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32145">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 10:36:18">
10:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-39474 ‼</strong><br><br><code>Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. The vulnerability allows an attacker with privileges and network access through the ping.cmd component to execute commands on the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39474">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32146">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 10:36:20">
10:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-43136 ‼</strong><br><br><code>An authentication bypass issue in FormaLMS &lt;= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43136">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32147">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 10:36:21">
10:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-34582 ‼</strong><br><br><code>In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34582">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32148">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 10:36:22">
10:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-25974 ‼</strong><br><br><code>In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisherâ€� role is able to inject and execute arbitrary JavaScript code while creating a page/article.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25974">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32149">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 10:36:23">
10:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-25975 ‼</strong><br><br><code>In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisherâ€� role to inject malicious JavaScript via the uploaded html file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25975">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32150">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 11:11:51">
11:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Dark Reading Video News Desk Comes to Black Hat Europe 🕴</strong><br><br><code>While attendees join Black Hat Europe 2021 virtually and live in London, we bring you prerecorded interviews from remote offices around the world.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/dark-reading-video-news-desk-comes-to-black-hat-europe">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32151">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 11:11:53">
11:11
       </div>

       <div class="text">
<strong>🗓️ Black Hat Europe: Laws and regulations need to change to secure world’s digital infrastructure 🗓️</strong><br><br><code>Better incentives to build secure products needed, former MEP tells conference</code><br><br><a href="https://portswigger.net/daily-swig/black-hat-europe-laws-and-regulations-need-to-change-to-secure-worlds-digital-infrastructure">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32152">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 11:11:56">
11:11
       </div>

       <div class="text">
<strong>❌ New Android Spyware Poses Pegasus-Like Threat ❌</strong><br><br><code>PhoneSpy already has stolen data and tracked the activity of targets in South Korea, disguising itself as legitimate lifestyle apps.</code><br><br><a href="https://threatpost.com/new-android-spyware-poses-pegasus-like-threat/176155/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32153">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 11:37:45">
11:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Researcher Details Vulnerabilities Found in AWS API Gateway 🕴</strong><br><br><code>AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/researcher-details-vulnerabilities-found-in-aws-api-gateway">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32154">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 12:07:44">
12:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 4 Tips to Secure the OT Cybersecurity Budget You Require 🕴</strong><br><br><code>OT security engineers and personnel should approach senior management with an emphasis on risk reduction benefits and with a concrete plan to secure budget and funding before it&apos;s too late.</code><br><br><a href="https://www.darkreading.com/risk/4-tips-to-secure-the-ot-cybersecurity-budget-you-require">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32155">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 12:07:45">
12:07
       </div>

       <div class="text">
<strong>🕴 Securing the Public: Who Should Take Charge? 🕴</strong><br><br><code>International policy expert Marietke Schaake explores the intricacies of protecting the public as governments depend on private companies to build and secure digital infrastructure.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/securing-the-public-who-should-take-charge-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32156">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 12:50:33">
12:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How healthcare organizations and patients are increasingly at risk from cyber threats 🦿</strong><br><br><code>A majority of IT pros working at hospitals who were surveyed by Armis said they&apos;ve seen a rise in cyber risk over the past 12 months.</code><br><br><a href="https://www.techrepublic.com/article/how-healthcare-organizations-and-patients-are-increasingly-at-risk-from-cyber-threats/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32157">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 13:37:51">
13:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 CISA and State and Local Partners Test Emergency Response Plans at Chevron Salt Lake Refinery 🕴</strong><br><br><code>The exercise included several objectives related to response procedures at the refinery, including evacuation and shelter-in-place decision-making; roles and responsibilities during investigations; communication with first responders; and public messaging before and following an incident.</code><br><br><a href="https://www.darkreading.com/operations/cisa-and-state-and-local-partners-test-emergency-response-plans-at-chevron-salt-lake-refinery">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32158">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 13:40:50">
13:40
       </div>

       <div class="text">
<strong>🗓️ Smuggling hidden backdoors into JavaScript with homoglyphs and invisible Unicode characters 🗓️</strong><br><br><code>Researchers urge developers to secure code by disallowing non-ASCII characters</code><br><br><a href="https://portswigger.net/daily-swig/smuggling-hidden-backdoors-into-javascript-with-homoglyphs-and-invisible-unicode-characters">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32159">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:12:16">
14:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Massive Zero Day Hole Found in Palo Alto Security Appliances ❌</strong><br><br><code>Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects an estimated 70,000+ VPN/firewalls.</code><br><br><a href="https://threatpost.com/massive-zero-day-hole-found-in-palo-alto-security-appliances/176170/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32160">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:20:37">
14:20
       </div>

       <div class="text">
<strong>⚠ Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more! ⚠</strong><br><br><code>The crooks have shown that they&apos;re willing to learn and adapt their attacks, so we need to make sure we learn and adapt, too.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32161">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:27">
14:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42062 ‼</strong><br><br><code>SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42062">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32162">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:28">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-41426 ‼</strong><br><br><code>Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41426">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32163">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:30">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40503 ‼</strong><br><br><code>An information disclosure vulnerability exists in SAP GUI for Windows - versions &lt; 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40503">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32164">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:33">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40502 ‼</strong><br><br><code>SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from B2B units they do not belong to.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40502">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32165">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:35">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-41427 ‼</strong><br><br><code>Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41427">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32166">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:37">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-43561 ‼</strong><br><br><code>An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43561">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32167">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:39">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-38887 ‼</strong><br><br><code>IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38887">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32168">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:41">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-43564 ‼</strong><br><br><code>An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43564">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32169">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:42">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-43563 ‼</strong><br><br><code>An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to download various media files from the DAM system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43563">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32170">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:43">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-43562 ‼</strong><br><br><code>An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it to a user-controlled filename, which may result in Remote Code Execution. A TYPO3 backend user account is required to exploit this.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43562">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32171">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:45">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-12488 ‼</strong><br><br><code>The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12488">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32172">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:47">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40501 ‼</strong><br><br><code>SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40501">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32173">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:48">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40504 ‼</strong><br><br><code>A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40504">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32174">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:52">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40521 ‼</strong><br><br><code>Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40521">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32175">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:53">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40519 ‼</strong><br><br><code>Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40519">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32176">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:55">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-43523 ‼</strong><br><br><code>In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution, XSS, applications crashes, etc.). In other words, a validation step, which is expected in any stub resolver, does not occur.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43523">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32177">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:36:57">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40518 ‼</strong><br><br><code>Airangel HSMX Gateway devices through 5.2.04 allow CSRF.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40518">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32178">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:50:43">
14:50
       </div>

       <div class="text">
<strong>⚠ Patch Tuesday updates the Win 7 updater… for at most 1 more year of updates ⚠</strong><br><br><code>The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won&apos;t be any double overtime!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/10/patch-tuesday-updates-the-win-7-updater-for-at-most-1-more-year-of-updates/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32179">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 14:57:28">
14:57
       </div>

       <div class="text">
<strong>🛠 GNUnet P2P Framework 0.15.3 🛠</strong><br><br><code>GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.</code><br><br><a href="https://packetstormsecurity.com/files/164924/gnunet-0.15.3.tgz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32180">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 15:07:53">
15:07
       </div>

       <div class="text">
<strong>🕴 Defining the Hierarchy of Value in Cyber Intelligence 🕴</strong><br><br><code>One size won&apos;t fit all as we try to reconcile the need to demonstrate expertise and value with keeping clients and researchers safe.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/defining-the-hierarchy-of-value-in-cyber-intelligence">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32181">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 15:41:58">
15:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Critical Citrix Bug Shuts Down Network, Cloud App Access ❌</strong><br><br><code>The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances.</code><br><br><a href="https://threatpost.com/critical-citrix-bug-etwork-cloud-app-access/176183/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32182">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 15:50:42">
15:50
       </div>

       <div class="text">
<strong>🦿 These industries were the most affected by the past year of ransomware attacks 🦿</strong><br><br><code>After what has been a year of averaging more than a thousand ransomware attacks per day, NordLocker said that data released by hackers shows an unexpected industry at the top.</code><br><br><a href="https://www.techrepublic.com/article/these-industries-were-the-most-affected-by-the-past-year-of-ransomware-attacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32183">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:07:57">
16:07
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SolarWinds Vulnerability Exploited in First Stage of Clop Ransomware Attacks 🕴</strong><br><br><code>Russian cybercrime group known as T505 is targeting SolarWinds Server-U systems that haven&apos;t been patched for a remote code execution vulnerability fixed this summer.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/rise-in-clop-ransomware-attacks-tied-to">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32184">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:33">
16:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3572 ‼</strong><br><br><code>A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3572">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32185">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:34">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40520 ‼</strong><br><br><code>Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40520">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32186">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:35">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3061 ‼</strong><br><br><code>An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 firewalls are impacted by this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3061">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32187">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:36">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-32021 ‼</strong><br><br><code>A denial of service vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32021">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32188">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:37">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-41038 ‼</strong><br><br><code>In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41038">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32189">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:39">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3056 ‼</strong><br><br><code>A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3056">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32190">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:40">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-22048 ‼</strong><br><br><code>The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to elevate privileges to a higher privileged group.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22048">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32191">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:41">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3059 ‼</strong><br><br><code>An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 Preferred or Prisma Access 2.1 Innovation firewalls are impacted by this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3059">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32192">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:43">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3064 ‼</strong><br><br><code>A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3064">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32193">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:44">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3380 ‼</strong><br><br><code>Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3380">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32194">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:45">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-32023 ‼</strong><br><br><code>An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32023">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32195">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:47">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3062 ‼</strong><br><br><code>An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to perform any operations allowed by the EC2 role in AWS. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20 VM-Series firewalls; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11 VM-Series firewalls; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14 VM-Series firewalls; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8 VM-Series firewalls. Prisma Access customers are not impacted by this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3062">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32196">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:48">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-28137 ‼</strong><br><br><code>Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a denial of service by continuously restarting the router.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28137">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32197">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:50">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-32022 ‼</strong><br><br><code>A low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system and gaining the ability to delete data from the local system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32022">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32198">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:51">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3063 ‼</strong><br><br><code>An improper handling of exceptional conditions vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to send specifically crafted traffic to a GlobalProtect interface that causes the service to stop responding. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h4; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8-h4; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers are not impacted by this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3063">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32199">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:52">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3060 ‼</strong><br><br><code>An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3060">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32200">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:53">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-3058 ‼</strong><br><br><code>An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. This issue does not impact Prisma Access firewalls.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3058">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32201">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:36:53">
16:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40517 ‼</strong><br><br><code>Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored Cross Site Scripting. XSS Payload is placed in the name column of the updates table using database access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40517">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32202">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 16:44:23">
16:44
       </div>

       <div class="text">
<strong>🔏 DOJ Takes Action Against Two Charged with Ransomware Attacks 🔏</strong><br><br><code>The Justice Department announced this week that it arrested two involved with deploying ransomware and that it seized $6.1 million in ransom payments.</code><br><br><a href="https://digitalguardian.com/blog/doj-takes-action-against-two-charged-ransomware-attacks">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32203">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 18:08:05">
18:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 SquirrelWaffle Leverages Malspam to Deliver Qakbot, Cobalt Strike 🕴</strong><br><br><code>Threat is spreading widely via spam campaigns, infecting systems with a new malware loader.</code><br><br><a href="https://www.darkreading.com/edge-threat-monitor/squirrelwaffle-leverages-malspam-to-deliver-qakbot-cobalt-strike">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32204">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 18:41:43">
18:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42111 ‼</strong><br><br><code>An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42111">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32205">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 18:48:46">
18:48
       </div>

       <div class="text">
<strong>♟️ SMS About Bank Fraud as a Pretext for Voice Phishing ♟️</strong><br><br><code>Most of us have probably heard the term &quot;smishing&quot; -- which is a portmanteau for traditional phishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing -- blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text.</code><br><br><a href="https://krebsonsecurity.com/2021/11/sms-about-bank-fraud-as-a-pretext-for-voice-phishing/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32206">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 19:08:08">
19:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 ChaosDB: Researchers Share Technical Details of Azure Flaw 🕴</strong><br><br><code>Wiz researchers who discovered a severe flaw in the Azure Cosmos DB database discussed the full extent of the vulnerability at Black Hat Europe.</code><br><br><a href="https://www.darkreading.com/cloud/chaosdb-researchers-share-technical-details-of-azure-flaw">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32207">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:36:45">
20:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-23876 ‼</strong><br><br><code>pdf2xml v2.0 was discovered to contain a memory leak in the function TextPage::testLinkedText.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23876">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32208">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:36:47">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-23886 ‼</strong><br><br><code>XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23886">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32209">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:36:48">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-23903 ‼</strong><br><br><code>A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23903">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32210">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:36:50">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-23891 ‼</strong><br><br><code>A User Mode Write AV in Editor+0x5cd7 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23891">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32211">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:36:51">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-23884 ‼</strong><br><br><code>A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial of service (DoS) via a crafted MNG file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23884">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32212">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:36:52">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-23873 ‼</strong><br><br><code>pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23873">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32213">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:36:53">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-23898 ‼</strong><br><br><code>A User Mode Write AV in Editor+0x5ea2 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23898">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32214">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:36:54">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-23896 ‼</strong><br><br><code>A User Mode Write AV in Editor+0x576b of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23896">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32215">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:36:55">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-23902 ‼</strong><br><br><code>A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address may be used as a return value starting at Editor!TMethodImplementationIntercept+0x528a3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23902">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32216">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:36:59">
20:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-23887 ‼</strong><br><br><code>XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23887">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32217">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:37:02">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23900 ‼</strong><br><br><code>A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationIntercept+0x57a3b.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23900">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32218">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:37:04">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23879 ‼</strong><br><br><code>pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23879">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32219">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:37:06">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23888 ‼</strong><br><br><code>A User Mode Write AV in Editor!TMethodImplementationIntercept+0x53f6c3 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted psd file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23888">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32220">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:37:08">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23901 ‼</strong><br><br><code>A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23901">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32221">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:37:11">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23894 ‼</strong><br><br><code>A User Mode Write AV in ntdll!RtlpCoalesceFreeBlocks+0x268 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23894">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32222">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:37:12">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23899 ‼</strong><br><br><code>A User Mode Write AV in Editor+0x5f91 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23899">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32223">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:37:13">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23895 ‼</strong><br><br><code>A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23895">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32224">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:37:15">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23889 ‼</strong><br><br><code>A User Mode Write AV starting at Editor!TMethodImplementationIntercept+0x4189c6 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted ico file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23889">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32225">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:37:17">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23872 ‼</strong><br><br><code>A NULL pointer dereference in the function TextPage::restoreState of pdf2xml v2.0 allows attackers to cause a denial of service (DoS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23872">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32226">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:37:18">
20:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23890 ‼</strong><br><br><code>A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted JPG file. Related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at JPGCodec+0x753648.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23890">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32227">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 20:39:50">
20:39
       </div>

       <div class="text">
<strong>🕴 Hacker-for-Hire Group Spied on More Than 3,500 Targets in 18 Months 🕴</strong><br><br><code>Russian-speaking &quot;Void Balaur&quot; group&apos;s victims include politicians, dissidents, human rights activists, doctors, and journalists, security vendor discloses at Black Hat Europe 2021.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/hacker-for-hire-group-spied-on-more-than-3-500-targets-in-18-months">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32228">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 22:08:16">
22:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 New Application Security Toolkit Uncovers Dependency Confusion Attacks 🕴</strong><br><br><code>The Dependency Combobulator is an open source Python-based toolkit that helps developers discover malicious software components that may have accidentally been added to their projects.</code><br><br><a href="https://www.darkreading.com/dr-tech/new-application-security-toolkit-uncovers-dependency-confusion-attacks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32229">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 22:36:48">
22:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40873 ‼</strong><br><br><code>An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40873">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32230">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 22:36:49">
22:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40871 ‼</strong><br><br><code>An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40871">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32231">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 22:36:50">
22:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-40872 ‼</strong><br><br><code>An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) or login as an anonymous user (bypassing security checks) by sending crafted messages to a OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40872">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32232">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 22:36:51">
22:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-33816 ‼</strong><br><br><code>The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33816">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32233">

      <div class="body">

       <div class="pull_right date details" title="10.11.2021 22:36:52">
22:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-33618 ‼</strong><br><br><code>Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by &gt; and &lt; characters in the onpointermove attribute of a BODY element to the user-management feature.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33618">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-949">

      <div class="body details">
11 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32234">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 08:37:18">
08:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-26558 ‼</strong><br><br><code>Deserialization of Untrusted Data vulnerability of Apache ShardingSphere-UI allows an attacker to inject outer link resources. This issue affects Apache ShardingSphere-UI Apache ShardingSphere-UI version 4.1.1 and later versions; Apache ShardingSphere-UI versions prior to 5.0.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26558">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32235">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 08:37:20">
08:37
       </div>

       <div class="text">
<strong>‼ CVE-2021-25980 ‼</strong><br><br><code>In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, an unauthenticated attacker can use the “forgot passwordâ€� functionality to reset the victim’s password and successfully take over their account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25980">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32236">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 11:09:16">
11:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Should Our Security Controls Be More Like North Korea or Norway? 🕴</strong><br><br><code>When the drive for additional visibility and awareness is led by the business rather than just a SOC team, both the business and security can benefit.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/should-our-security-controls-be-more-like-north-korea-or-norway-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32237">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 11:17:32">
11:17
       </div>

       <div class="text">
<strong>❌ Tiny Font Size Fools Email Filters in BEC Phishing ❌</strong><br><br><code>The One Font BEC campaign targets Microsoft 365 users and uses sophisticated obfuscation tactics to slip past security protections to harvest credentials.</code><br><br><a href="https://threatpost.com/tiny-font-size-email-filters-bec-phishing/176198/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32238">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 11:40:23">
11:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Dependency Combobulator offers defense against namespace confusion attacks 🗓️</strong><br><br><code>Toolkit ‘tackles common scenarios’ and can evolve to detect emerging attack variants</code><br><br><a href="https://portswigger.net/daily-swig/dependency-combobulator-offers-defense-against-namespace-confusion-attacks">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32239">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 11:50:59">
11:50
       </div>

       <div class="text">
<strong>⚠ Patch Tuesday updates the Win 7 updater… for at most 1 more year of updates ⚠</strong><br><br><code>The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won&apos;t be any double overtime!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/10/patch-tuesday-updates-the-win-7-updater-for-at-most-1-more-year-of-updates/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32240">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 11:50:59">
11:50
       </div>

       <div class="text">
<strong>🦿 How cybercriminals use bait attacks to gather info about their intended victims 🦿</strong><br><br><code>With a bait attack, criminals try to obtain the necessary details to plan future attacks against their targets, says Barracuda.</code><br><br><a href="https://www.techrepublic.com/article/how-cybercriminals-use-bait-attacks-to-gather-info-about-their-intended-victims/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32241">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 12:10:22">
12:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Palo Alto GlobalProtect users urged to patch against critical vulnerability 🗓️</strong><br><br><code>Details withheld about dangerous threat as orgs given one-month patching window</code><br><br><a href="https://portswigger.net/daily-swig/palo-alto-globalprotect-users-urged-to-patch-against-critical-vulnerability">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32242">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 12:37:39">
12:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43350 ‼</strong><br><br><code>An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43350">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32243">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 13:10:23">
13:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Zero tolerance: How infosec’s online ‘cancel culture’ is stunting industry growth 🗓️</strong><br><br><code>Fear of Twitter fallout is stopping vital information from being shared Social media backlash and online squabbling is stopping the information security industry from learning from its mistakes, Black</code><br><br><a href="https://portswigger.net/daily-swig/zero-tolerance-how-infosecs-online-cancel-culture-is-stunting-industry-growth">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32244">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 13:21:05">
13:21
       </div>

       <div class="text">
<strong>🦿 This pre-Black Friday sale lets you save an extra 15% off cybersecurity certification training courses 🦿</strong><br><br><code>Receive over 100 hours of expert instruction on globally recognized cybersecurity skills that will help you become an in-demand IT professional.</code><br><br><a href="https://www.techrepublic.com/article/this-pre-black-friday-sale-lets-you-save-an-extra-15-off-cybersecurity-certification-training-courses/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32245">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 13:21:08">
13:21
       </div>

       <div class="text">
<strong>🦿 How to easily transfer files between computers with croc 🦿</strong><br><br><code>If you&apos;re looking for an easy command-line tool to transfer files between systems on the same LAN, Jack Wallen believes croc is the tool for the job.</code><br><br><a href="https://www.techrepublic.com/article/how-to-easily-transfer-files-between-computers-with-croc/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32246">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 13:40:18">
13:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ GoCD bug chain provides second springboard to supply chain attacks 🗓️</strong><br><br><code>Follow-up to recent GoCD disclosure provides additional path to infiltrating build environments</code><br><br><a href="https://portswigger.net/daily-swig/gocd-bug-chain-provides-second-springboard-to-supply-chain-attacks">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32247">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 14:51:03">
14:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep58: Faces on Facebook, scams that pose as complaints, and a Kaseya bust [Podcast] ⚠</strong><br><br><code>Latest epsiode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/11/s3-ep58-faces-on-facebook-scams-that-pose-as-complaints-and-a-kaseya-bust-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32248">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 15:09:38">
15:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Third-Party Software Risks Grow, but So Do Solutions 🕴</strong><br><br><code>Enterprises are more dependent than ever on open source software and need to manage the risk posed by vulnerabilities in components and third-party vendors.</code><br><br><a href="https://www.darkreading.com/application-security/third-party-software-risks-grow-but-so-do-solutions">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32249">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 15:09:39">
15:09
       </div>

       <div class="text">
<strong>🕴 Insider IP Theft Is Surging — and Most Can&apos;t Stop It 🕴</strong><br><br><code>The Great Resignation is upon us, and insider IP theft is surging as a result. But it is a solvable problem.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/insider-ip-theft-is-surging-and-most-can-t-stop-it">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32250">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 15:12:39">
15:12
       </div>

       <div class="text">
<strong>❌ Congress Mulls Ban on Big Ransom Payouts ❌</strong><br><br><code>A bill introduced this week would regulate ransomware response by the country&apos;s critical financial sector.</code><br><br><a href="https://threatpost.com/congress-ban-ransomware-payouts/176213/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32251">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 15:21:07">
15:21
       </div>

       <div class="text">
<strong>🦿 Research: Supply chain and COVID-19 challenges forces companies to shift their security strategies 🦿</strong><br><br><code>64% of survey respondents reported that their companies have concerns about security risks for supply chains.</code><br><br><a href="https://www.techrepublic.com/article/research-supply-chain-and-covid-19-challenges-forces-companies-to-shift-their-security-strategies/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32252">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 16:09:41">
16:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 What Happens If Time Gets Hacked 🕴</strong><br><br><code>Renowned hardware security expert raises alarm on the risk and dangers of cyberattackers targeting the current time-synchronization infrastructure.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/what-happens-if-time-gets-hacked">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32253">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 16:09:42">
16:09
       </div>

       <div class="text">
<strong>🕴 Cloud Attack Analysis Unearths Lessons for Security Pros 🕴</strong><br><br><code>Researchers detail their investigation of a cryptomining campaign stealing AWS credentials and how attackers have evolved their techniques.</code><br><br><a href="https://www.darkreading.com/cloud/cloud-attack-analysis-unearths-lessons-for-security-pros">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32254">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 16:12:45">
16:12
       </div>

       <div class="text">
<strong>❌ Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for Cash ❌</strong><br><br><code>A Russian-language threat group is available for hire, to steal data on journalists, political leaders, activists and from organizations in every sector.</code><br><br><a href="https://threatpost.com/cyber-mercenary-void-balaur/176230/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32255">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 17:12:46">
17:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Back-to-Back PlayStation 5 Hacks Hit on the Same Day ❌</strong><br><br><code>Cyberattackers stole PS5 root keys and exploited the kernel, revealing rampant insecurity in gaming devices.</code><br><br><a href="https://threatpost.com/playstation-5-hacks-same-day/176240/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32256">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 17:42:44">
17:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Invest in These 3 Key Security Technologies to Fight Ransomware ❌</strong><br><br><code>Ransomware volumes are up 1000%. Aamir Lakhani, cybersecurity researcher and practitioner at FortiGuard Labs , discusses secure email, network segmentation and sandboxing for defense.</code><br><br><a href="https://threatpost.com/invest-3-key-security-technologies-ransomware/176246/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32257">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 18:21:11">
18:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Learn how to become an ethical hacker for only $21 during this pre-Black Friday sale 🦿</strong><br><br><code>You don&apos;t need to break the bank to get the training required for an exciting new career, especially when you&apos;ve got the right coupon code.</code><br><br><a href="https://www.techrepublic.com/article/learn-how-to-become-an-ethical-hacker-for-only-21-during-this-pre-black-friday-sale/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32258">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 18:37:55">
18:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2002-20001 ‼</strong><br><br><code>The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-20001">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32259">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 19:39:56">
19:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How Do I Know It&apos;s Time to Consider a SASE Migration? 🕴</strong><br><br><code>The rapid shift to a hybrid workplace and accelerated adoption of new technologies means it&apos;s time to rethink networking security approaches.</code><br><br><a href="https://www.darkreading.com/edge-ask-the-experts/how-do-i-know-its-time-to-consider-sase-migration">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32260">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 20:38:02">
20:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3908 ‼</strong><br><br><code>OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3908">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32261">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 20:38:02">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-3909 ‼</strong><br><br><code>OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3909">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32262">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 20:38:04">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-3910 ‼</strong><br><br><code>OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3910">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32263">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 20:38:07">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-3907 ‼</strong><br><br><code>OctoRPKI does not escape a URI with a filename containing &quot;..&quot;, this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3907">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32264">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 20:38:09">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-3912 ‼</strong><br><br><code>OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3912">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32265">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 20:38:11">
20:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-3911 ‼</strong><br><br><code>If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3911">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32266">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 20:41:02">
20:41
       </div>

       <div class="text">
<strong>🕴 Google Open Sources ClusterFuzzLite 🕴</strong><br><br><code>ClusterFuzzLite is a stripped-down version of continuous fuzzing tool ClusterFuzz that integrates CI tools.</code><br><br><a href="https://www.darkreading.com/dr-tech/google-open-sources-clusterfuzzlite">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32267">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 21:10:10">
21:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 &apos;Lyceum&apos; Threat Group Broadens Focus to ISPs 🕴</strong><br><br><code>New report suggests attacker is targeting trusted supply chain companies in order to compromise large numbers of downstream customers.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/-lyceum-threat-group-broadens-focus-to-isps">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32268">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 22:38:07">
22:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-34422 ‼</strong><br><br><code>The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34422">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32269">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 22:38:09">
22:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-34421 ‼</strong><br><br><code>The Keybase Client for Android before version 5.8.0 and the Keybase Client for iOS before version 5.8.0 fails to properly remove exploded messages initiated by a user if the receiving user places the chat session in the background while the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from the customer&apos;s device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34421">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32270">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 22:38:10">
22:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-34419 ‼</strong><br><br><code>In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. This could allow meeting participants to be targeted for social engineering attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34419">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32271">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 22:38:11">
22:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-34420 ‼</strong><br><br><code>The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer&apos;s computer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34420">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32272">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 22:38:13">
22:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-34418 ‼</strong><br><br><code>The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise Recording Connector before version 3.8.42.20200905, Zoom On-Premise Virtual Room Connector before version 4.4.6344.20200612, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5492.20200616 fails to validate that a NULL byte was sent while authenticating. This could lead to a crash of the login service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34418">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32273">

      <div class="body">

       <div class="pull_right date details" title="11.11.2021 22:38:14">
22:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-34417 ‼</strong><br><br><code>The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703, Zoom On-Premise Recording Connector before version 3.8.45.20210703, Zoom On-Premise Virtual Room Connector before version 4.4.6868.20210703, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5496.20210703 fails to validate input sent in requests to set the network proxy password. This could lead to remote command injection by a web portal administrator.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34417">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-950">

      <div class="body details">
12 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32274">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:38">
08:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-1903 ‼</strong><br><br><code>Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1903">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32275">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:39">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30266 ‼</strong><br><br><code>Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30266">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32276">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:40">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30263 ‼</strong><br><br><code>Possible race condition can occur due to lack of synchronization mechanism when On-Device Logging node open twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30263">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32277">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:42">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30259 ‼</strong><br><br><code>Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30259">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32278">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:43">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-1921 ‼</strong><br><br><code>Possible memory corruption due to Improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1921">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32279">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:44">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-1979 ‼</strong><br><br><code>Possible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1979">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32280">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:44">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30255 ‼</strong><br><br><code>Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30255">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32281">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:45">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30264 ‼</strong><br><br><code>Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30264">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32282">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:46">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30254 ‼</strong><br><br><code>Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30254">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32283">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:47">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-1912 ‼</strong><br><br><code>Possible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1912">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32284">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:51">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-1975 ‼</strong><br><br><code>Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice &amp; Music, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1975">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32285">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:52">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-1924 ‼</strong><br><br><code>Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice &amp; Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1924">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32286">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:52">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-1981 ‼</strong><br><br><code>Possible buffer over read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1981">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32287">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:53">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30265 ‼</strong><br><br><code>Possible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and Route statistics in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30265">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32288">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:54">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-1982 ‼</strong><br><br><code>Possible denial of service scenario due to improper input validation of received NAS OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1982">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32289">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:58">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30321 ‼</strong><br><br><code>Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30321">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32290">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:59">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-30284 ‼</strong><br><br><code>Possible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30284">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32291">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 08:38:59">
08:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-1973 ‼</strong><br><br><code>A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &amp; Music, Snapdragon Wearables</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1973">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32292">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 09:40:45">
09:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Driftwood debuts: New open source tool hunts for leaked public-private key pairs 🗓️</strong><br><br><code>The tool will help security professionals find compromised TLS keys and sensitive keys tied to GitHub accounts</code><br><br><a href="https://portswigger.net/daily-swig/driftwood-debuts-new-open-source-tool-hunts-for-leaked-public-private-key-pairs">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32293">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 09:40:46">
09:40
       </div>

       <div class="text">
<strong>🕴 In Appreciation: Alan Paller 🕴</strong><br><br><code>Alan Paller, founder of the famed SANS Institute, passed away on Nov. 9.</code><br><br><a href="https://www.darkreading.com/careers-and-people/in-appreciation-alan-paller">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32294">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 10:38:45">
10:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3934 ‼</strong><br><br><code>ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3934">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32295">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 10:38:47">
10:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-43576 ‼</strong><br><br><code>Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43576">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32296">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 10:38:49">
10:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-43578 ‼</strong><br><br><code>Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43578">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32297">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 10:38:51">
10:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21699 ‼</strong><br><br><code>Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21699">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32298">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 10:38:52">
10:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21701 ‼</strong><br><br><code>Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21701">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32299">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 10:38:53">
10:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-43577 ‼</strong><br><br><code>Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43577">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32300">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 10:38:55">
10:38
       </div>

       <div class="text">
<strong>‼ CVE-2021-21700 ‼</strong><br><br><code>Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Scriptler scripts.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21700">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32301">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 10:41:47">
10:41
       </div>

       <div class="text">
<strong>🗓️ Alan Paller: Infosec world pays homage after SANS founder and infosec luminary dies 🗓️</strong><br><br><code>‘His vision has changed the lives of hundreds of thousands of security practitioners’</code><br><br><a href="https://portswigger.net/daily-swig/alan-paller-infosec-world-pays-homage-after-sans-founder-and-infosec-luminary-dies">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32302">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 10:44:48">
10:44
       </div>

       <div class="text">
<strong>❌ Millions of Routers, IoT Devices at Risk from New Open-Source Malware ❌</strong><br><br><code>BotenaGo, written in Google’s Golang programming language, can exploit more than 30 different vulnerabilities.</code><br><br><a href="https://threatpost.com/routers-iot-open-source-malware/176270/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32303">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 12:10:56">
12:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ HTML smuggling: Fresh attack technique is being used to increasingly target banking sector 🗓️</strong><br><br><code>Evasive malware is being spread via email in campaigns similar to those of nation-state actors</code><br><br><a href="https://portswigger.net/daily-swig/html-smuggling-fresh-attack-technique-is-being-used-to-increasingly-target-banking-sector">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32304">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 12:10:58">
12:10
       </div>

       <div class="text">
<strong>🕴 How to Hire — and Retain — Effective Threat Hunters 🕴</strong><br><br><code>Key characteristics that should be evaluated include curiosity, disposition, and fit with the culture.</code><br><br><a href="https://www.darkreading.com/careers-and-people/how-to-hire-and-retain-effective-threat-hunters">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32305">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 12:38:57">
12:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43494 ‼</strong><br><br><code>OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43494">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32306">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 12:39:00">
12:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-43496 ‼</strong><br><br><code>Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43496">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32307">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 14:38:59">
14:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-38972 ‼</strong><br><br><code>IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38972">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32308">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 14:39:00">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-4140 ‼</strong><br><br><code>IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4140">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32309">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 14:39:02">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-43493 ‼</strong><br><br><code>ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43493">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32310">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 14:39:04">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-4146 ‼</strong><br><br><code>IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing &apos;HttpOnly&apos; flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4146">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32311">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 14:39:06">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38973 ‼</strong><br><br><code>IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38973">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32312">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 14:39:07">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-38985 ‼</strong><br><br><code>IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38985">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32313">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 14:39:10">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-43492 ‼</strong><br><br><code>AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system andcan significantly aid in getting remote code access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43492">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32314">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 14:51:28">
14:51
       </div>

       <div class="text">
<strong>⚠ S3 Ep58: Faces on Facebook, scams that pose as complaints, and a Kaseya bust [Podcast] ⚠</strong><br><br><code>Latest epsiode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/11/s3-ep58-faces-on-facebook-scams-that-pose-as-complaints-and-a-kaseya-bust-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32315">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 14:51:31">
14:51
       </div>

       <div class="text">
<strong>🦿 Score an extra 15% discount on this cyber analysis training on sale ahead of Black Friday 🦿</strong><br><br><code>Eight courses and 51 hours of content on CompTIA CySA+, ethical hacking, social engineering and more. Everything you need to be a certified cybersecurity analyst.</code><br><br><a href="https://www.techrepublic.com/article/score-an-extra-15-discount-on-this-cyber-analysis-training-on-sale-ahead-of-black-friday/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32316">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 15:13:23">
15:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Mac Zero Day Targets Apple Devices in Hong Kong ❌</strong><br><br><code>Google researchers have detailed a widespread watering-hole attack that installed a backdoor on Apple devices that visited Hong Kong-based media and pro-democracy sites.</code><br><br><a href="https://threatpost.com/mac-zero-day-apple-hong-kong/176300/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32317">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 15:16:34">
15:16
       </div>

       <div class="text">
<strong>🔏 Friday Five 11/12 🔏</strong><br><br><code>Apple fixes a macOS zero day, Microsoft warns of HTML smuggling phishing attacks, and more - catch up on the infosec news of the week with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-11/12">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32318">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 15:21:39">
15:21
       </div>

       <div class="text">
<strong>⚠ Samba update patches plaintext passwork plundering problem ⚠</strong><br><br><code>When Microsoft itself says STOP USING X, where X is one of its own protocols... we think you should listen.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/12/samba-update-patches-plaintext-passwork-plundering-problem/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32319">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 15:21:44">
15:21
       </div>

       <div class="text">
<strong>🦿 The mobile VPNs of 2021 that you need to try 🦿</strong><br><br><code>Privacy is essential, especially on a mobile device. These five options available for both Android and iOS can help keep your device secure and your traffic private, but not without cost.</code><br><br><a href="https://www.techrepublic.com/article/the-mobile-vpns-that-you-need-to-try/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32320">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 15:51:37">
15:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How AI fights fraud in the telecom industry 🦿</strong><br><br><code>Americans lost $29.8 billion in phone fraud over the past year. Can AI fraud detection change this?</code><br><br><a href="https://www.techrepublic.com/article/how-ai-fights-fraud-in-the-telecom-industry/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32321">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 16:39:05">
16:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41264 ‼</strong><br><br><code>OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. For users unable to upgrade; initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41264">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32322">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 16:39:07">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-41259 ‼</strong><br><br><code>Nim is a systems programming language with a focus on efficiency, expressiveness, and elegance. In affected versions the uri.parseUri function which may be used to validate URIs accepts null bytes in the input URI. This behavior could be used to bypass URI validation. For example: parseUri(&quot;http://localhost\0hello&quot;).hostname is set to &quot;localhost\0hello&quot;. Additionally, httpclient.getContent accepts null bytes in the input URL and ignores any data after the first null byte. Example: getContent(&quot;http://localhost\0hello&quot;) makes a request to localhost:80. An attacker can use a null bytes to bypass the check and mount a SSRF attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41259">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32323">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 16:39:09">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-41254 ‼</strong><br><br><code>kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects, could execute commands inside the kustomize-controller container by embedding a shell script in a Kubernetes Secret. This can be used to run `kubectl` commands under the Service Account of kustomize-controller, thus allowing an authenticated Kubernetes user to gain cluster admin privileges. In affected versions multitenant environments where non-admin users have permissions to create Flux Kustomization objects are affected by this issue. This vulnerability was fixed in kustomize-controller v0.15.0 (included in flux2 v0.18.0) released on 2021-10-08. Starting with v0.15, the kustomize-controller no longer executes shell commands on the container OS and the `kubectl` binary has been removed from the container image. To prevent the creation of Kubernetes Service Accounts with `secrets` in namespaces owned by tenants, a Kubernetes validation webhook such as Gatekeeper OPA or Kyverno can be used.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41254">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32324">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 16:51:38">
16:51
       </div>

       <div class="text">
<strong>🦿 Pay-per-click fraud is costing top tech companies, and you, hundreds of millions of dollars 🦿</strong><br><br><code>With an estimated 14% of PPC costs being lost to fraud, all it takes is a look at the advertising budgets of top tech firms to see how much money they&apos;re wasting, says PPC Shield.</code><br><br><a href="https://www.techrepublic.com/article/pay-per-click-fraud-is-costing-top-tech-companies-and-you-hundreds-of-millions-of-dollars/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32325">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 17:13:23">
17:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Windows 10 Privilege-Escalation Zero-Day Gets an Unofficial Fix ❌</strong><br><br><code>Researchers warn that CVE-2021-34484 can be exploited with a patch bypass for a bug originally addressed in August by Microsoft.</code><br><br><a href="https://threatpost.com/windows-10-privilege-escalation-zero-day-unofficial-fix/176313/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32326">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 17:43:25">
17:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Top 10 Cybersecurity Best Practices to Combat Ransomware ❌</strong><br><br><code>Immutable storage and more: Sonya Duffin, data protection expert at Veritas Technologies, offers the Top 10 steps for building a multi-layer resilience profile.</code><br><br><a href="https://threatpost.com/cybersecurity-best-practices-ransomware/176316/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32327">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 18:12:33">
18:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Follow the Leaders: A Blueprint for Software Security Success 🕴</strong><br><br><code>Organizations can study software security leaders and emulate their habits and initiatives in order to build a successful software security program of their own.</code><br><br><a href="https://www.darkreading.com/edge-articles/follow-the-leaders-a-blueprint-for-software-security-success">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32328">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 18:39:09">
18:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41972 ‼</strong><br><br><code>Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41972">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32329">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 19:12:40">
19:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Open Source Project Aims to Detect Living-Off-the-Land Attacks 🕴</strong><br><br><code>The machine learning classifier from Adobe can determine whether system commands are malicious and classify them using a variety of tags useful for security analysts.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/open-source-project-aims-to-detect-living-off-the-land-attacks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32330">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 19:21:41">
19:21
       </div>

       <div class="text">
<strong>🦿 Security researcher: Flaw in Apple Pay, Samsung Pay and Google Pay makes fraud easy for thieves 🦿</strong><br><br><code>Positive Technologies expert describes vulnerability linked to apps used to pay for public transit tickets.</code><br><br><a href="https://www.techrepublic.com/article/security-researcher-flaw-in-apple-pay-samsung-pay-and-google-pay-makes-fraud-easy-for-thieves/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32331">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 19:51:42">
19:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Save an extra 15% off training in ethical hacking with this pre-Black Friday sale deal 🦿</strong><br><br><code>Develop the necessary skills and use the tools to be an ethical hacker through this 120-hour comprehensive course bundle.</code><br><br><a href="https://www.techrepublic.com/article/save-an-extra-15-off-training-in-ethical-hacking-with-this-pre-black-friday-sale-deal/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32332">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:12:44">
20:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 BT to Deploy &apos;Epidemiological AI&apos; Based on the Spread of Viruses in Humans to Combat Cyberattacks 🕴</strong><br><br><code>Using the spread of viruses in human populations as a model to inform its AI, Inflame is a key component in BT’s recently-announced Eagle-i platform.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/bt-to-deploy-epidemiological-ai-based-on-the-spread-of-viruses-in-humans-to-combat-cyberattacks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32333">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:12:47">
20:12
       </div>

       <div class="text">
<strong>🕴 MSPAlliance Leadership Council Forms Vendor Council to Address Managed Services Supply Chain Risk 🕴</strong><br><br><code>MSP supply chain threats will be mitigated through transparency, education, business continuity planning, and managed services channel certification.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/mspalliance-leadership-council-forms-vendor-council-to-address-managed-services-supply-chain-risk">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32334">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:12:48">
20:12
       </div>

       <div class="text">
<strong>🕴 Emerging Security Tools Tackle GraphQL Security 🕴</strong><br><br><code>New security tools are proactively protecting APIs built with GraphQL, before attacks against them become more commonplace.</code><br><br><a href="https://www.darkreading.com/dr-tech/emerging-security-tools-tackle-graphql-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32335">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:12:50">
20:12
       </div>

       <div class="text">
<strong>🕴 Ankura Launches Brooklyn Cyber Center 🕴</strong><br><br><code>New initiative addresses shortage of professionals and lack of diversity in cybersecurity by recruiting, training and retaining diverse talent from underrepresented backgrounds.</code><br><br><a href="https://www.darkreading.com/careers-and-people/ankura-launches-brooklyn-cyber-center">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32336">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:15">
20:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3786 ‼</strong><br><br><code>A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3786">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32337">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:18">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-43610 ‼</strong><br><br><code>Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43610">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32338">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:20">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3789 ‼</strong><br><br><code>An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3789">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32339">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:21">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-39303 ‼</strong><br><br><code>The server in Jamf Pro before 10.32.0 has a vulnerability affecting integrity and availability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39303">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32340">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:22">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3788 ‼</strong><br><br><code>An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3788">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32341">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:24">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3720 ‼</strong><br><br><code>An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3720">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32342">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:26">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-21141 ‼</strong><br><br><code>iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&amp;do=add.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21141">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32343">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:27">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3718 ‼</strong><br><br><code>A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3718">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32344">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:30">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3793 ‼</strong><br><br><code>An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access administrative pages that could result in information disclosure or device firmware update with verified firmware.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3793">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32345">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:32">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3791 ‼</strong><br><br><code>An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3791">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32346">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:34">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3577 ‼</strong><br><br><code>An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3577">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32347">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:35">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3843 ‼</strong><br><br><code>A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3843">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32348">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:36">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3790 ‼</strong><br><br><code>A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3790">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32349">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:37">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3792 ‼</strong><br><br><code>Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an attacker.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3792">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32350">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:38">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3599 ‼</strong><br><br><code>A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3599">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32351">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:41">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-43331 ‼</strong><br><br><code>In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43331">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32352">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:42">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3787 ‼</strong><br><br><code>A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3787">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32353">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:44">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3719 ‼</strong><br><br><code>A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3719">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32354">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:45">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-42563 ‼</strong><br><br><code>There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42563">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32355">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:39:47">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-43611 ‼</strong><br><br><code>Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via &quot; \ &quot; in the display name of a From header.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43611">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32356">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 20:45:18">
20:45
       </div>

       <div class="text">
<strong>❌ Costco Confirms: A Data Skimmer’s Been Ripping Off Customers ❌</strong><br><br><code>Big-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services.</code><br><br><a href="https://threatpost.com/costco-data-skimmer-customers-notification/176320/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32357">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 22:13:32">
22:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Threat from Organized Cybercrime Syndicates Is Rising ❌</strong><br><br><code>Europol reports that criminal groups are undermining the EU’s economy and its society, offering everything from murder-for-hire to kidnapping, torture and mutilation.</code><br><br><a href="https://threatpost.com/organized-cybercrime-syndicates-europol/176326/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32358">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 22:39:20">
22:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-36315 ‼</strong><br><br><code>Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36315">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32359">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 22:39:21">
22:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-36323 ‼</strong><br><br><code>Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36323">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32360">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 22:39:23">
22:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-21528 ‼</strong><br><br><code>Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21528">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32361">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 22:39:24">
22:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-36325 ‼</strong><br><br><code>Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36325">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32362">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 22:39:25">
22:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-36305 ‼</strong><br><br><code>Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36305">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32363">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 22:39:26">
22:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-36324 ‼</strong><br><br><code>Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36324">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32364">

      <div class="body">

       <div class="pull_right date details" title="12.11.2021 22:39:27">
22:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-41229 ‼</strong><br><br><code>BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41229">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-951">

      <div class="body details">
13 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32365">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2021 08:39:49">
08:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3938 ‼</strong><br><br><code>snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3938">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32366">

      <div class="body">

       <div class="pull_right date details" title="13.11.2021 08:39:50">
08:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3918 ‼</strong><br><br><code>json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (&apos;Prototype Pollution&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3918">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32367">

      <div class="body">

       <div class="pull_right date details" title="13.11.2021 08:39:52">
08:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3775 ‼</strong><br><br><code>showdoc is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3775">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32368">

      <div class="body">

       <div class="pull_right date details" title="13.11.2021 08:39:53">
08:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3945 ‼</strong><br><br><code>django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3945">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32369">

      <div class="body">

       <div class="pull_right date details" title="13.11.2021 08:39:54">
08:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3921 ‼</strong><br><br><code>firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3921">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32370">

      <div class="body">

       <div class="pull_right date details" title="13.11.2021 08:39:55">
08:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3776 ‼</strong><br><br><code>showdoc is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3776">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32371">

      <div class="body">

       <div class="pull_right date details" title="13.11.2021 08:39:56">
08:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3932 ‼</strong><br><br><code>twill is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3932">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32372">

      <div class="body">

       <div class="pull_right date details" title="13.11.2021 08:39:57">
08:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3915 ‼</strong><br><br><code>bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3915">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32373">

      <div class="body">

       <div class="pull_right date details" title="13.11.2021 08:39:58">
08:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3683 ‼</strong><br><br><code>showdoc is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3683">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32374">

      <div class="body">

       <div class="pull_right date details" title="13.11.2021 08:39:59">
08:39
       </div>

       <div class="text">
<strong>‼ CVE-2021-3931 ‼</strong><br><br><code>snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3931">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32375">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2021 14:40:09">
14:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41653 ‼</strong><br><br><code>The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41653">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32376">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2021 16:40:17">
16:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43616 ‼</strong><br><br><code>The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43616">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32377">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2021 17:51:58">
17:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ DHS warning about hackers in your network? Don’t panic! ⚠</strong><br><br><code>Fake warnings and false accusations - it&apos;s a &quot;call to distraction&quot;</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/13/dhs-warning-about-hackers-in-your-network-dont-panic/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32378">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2021 20:19:57">
20:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ Hoax Email Blast Abused Poor Coding in FBI Website ♟️</strong><br><br><code>The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.</code><br><br><a href="https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-952">

      <div class="body details">
14 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32379">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.11.2021 18:11:26">
18:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-14424 ‼</strong><br><br><code>Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14424">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32380">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="14.11.2021 20:11:30">
20:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43272 ‼</strong><br><br><code>An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA Viewer sample before 2022.11. ODA Viewer continues to process invalid or malicious DWF files instead of stopping upon an exception. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43272">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32381">

      <div class="body">

       <div class="pull_right date details" title="14.11.2021 20:11:32">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43278 ‼</strong><br><br><code>An Out-of-bounds Read vulnerability exists in the OBJ file reading procedure in Open Design Alliance Drawings SDK before 2022.11. The lack of validating the input length can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43278">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32382">

      <div class="body">

       <div class="pull_right date details" title="14.11.2021 20:11:33">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43391 ‼</strong><br><br><code>An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43391">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32383">

      <div class="body">

       <div class="pull_right date details" title="14.11.2021 20:11:35">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43279 ‼</strong><br><br><code>An out-of-bounds write vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43279">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32384">

      <div class="body">

       <div class="pull_right date details" title="14.11.2021 20:11:36">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43275 ‼</strong><br><br><code>A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43275">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32385">

      <div class="body">

       <div class="pull_right date details" title="14.11.2021 20:11:37">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-26795 ‼</strong><br><br><code>A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26795">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32386">

      <div class="body">

       <div class="pull_right date details" title="14.11.2021 20:11:38">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43277 ‼</strong><br><br><code>An out-of-bounds read vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43277">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32387">

      <div class="body">

       <div class="pull_right date details" title="14.11.2021 20:11:40">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43276 ‼</strong><br><br><code>An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA Viewer before 2022.8. Crafted data in a DWF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43276">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32388">

      <div class="body">

       <div class="pull_right date details" title="14.11.2021 20:11:41">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43274 ‼</strong><br><br><code>A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43274">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32389">

      <div class="body">

       <div class="pull_right date details" title="14.11.2021 20:11:43">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43273 ‼</strong><br><br><code>An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43273">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32390">

      <div class="body">

       <div class="pull_right date details" title="14.11.2021 20:11:44">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43336 ‼</strong><br><br><code>An Out-of-Bounds Write vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43336">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32391">

      <div class="body">

       <div class="pull_right date details" title="14.11.2021 20:11:47">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43390 ‼</strong><br><br><code>An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43390">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32392">

      <div class="body">

       <div class="pull_right date details" title="14.11.2021 20:11:49">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43280 ‼</strong><br><br><code>A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43280">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32393">

      <div class="body">

       <div class="pull_right date details" title="14.11.2021 20:11:50">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2020-16152 ‼</strong><br><br><code>The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16152">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32394">

      <div class="body">

       <div class="pull_right date details" title="14.11.2021 20:11:52">
20:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-41057 ‼</strong><br><br><code>In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41057">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-953">

      <div class="body details">
15 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32395">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 03:11:51">
03:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43618 ‼</strong><br><br><code>GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43618">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32396">

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 03:11:53">
03:11
       </div>

       <div class="text">
<strong>‼ CVE-2021-43620 ‼</strong><br><br><code>An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::from_ptr on a pointer to the string buffer, the string is terminated at the first &apos;\0&apos; byte, which might not be the end of the string.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43620">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32397">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 12:12:14">
12:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Removing need to unlock mobile wallets for contactless payments has eroded security protections, researchers warn 🗓️</strong><br><br><code>Mind the gap</code><br><br><a href="https://portswigger.net/daily-swig/removing-need-to-unlock-mobile-wallets-for-contactless-payments-has-eroded-security-protections-researchers-warn">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32398">

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 12:16:21">
12:16
       </div>

       <div class="text">
<strong>🕴 How Visibility Became the Lifeblood of SecOps and Business Success 🕴</strong><br><br><code>The best way to succeed in the long-term cybersecurity is to invest in visibility because you can&apos;t protect or defend against what you can&apos;t see.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/how-visibility-became-the-lifeblood-of-secops-and-business-success">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32399">

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 12:22:56">
12:22
       </div>

       <div class="text">
<strong>🦿 Facebook and Google &quot;listening&quot; is more pervasive than you think 🦿</strong><br><br><code>Yet another consumer is disturbed by the sketchy algorithms deployed by Facebook. Here&apos;s how the app knows what you&apos;re talking about and what to do about it.</code><br><br><a href="https://www.techrepublic.com/article/facebook-and-google-listening-is-more-pervasive-than-you-think/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32400">

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 12:22:57">
12:22
       </div>

       <div class="text">
<strong>🦿 Malicious shopping websites surge in number in advance of Black Friday 🦿</strong><br><br><code>More than 5,300 malicious websites have popped up each week, the highest since the start of 2021, says Check Point Research.</code><br><br><a href="https://www.techrepublic.com/article/malicious-shopping-websites-surge-in-number-in-advance-of-black-friday/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32401">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 12:42:15">
12:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Vulnerability in FBI email infrastructure allowed malicious actor to send false cyber-attack warnings to thousands 🗓️</strong><br><br><code>Security issue saw fake emails sent from legitimate agency accounts</code><br><br><a href="https://portswigger.net/daily-swig/vulnerability-in-fbi-email-infrastructure-allowed-malicious-actor-to-send-false-cyber-attack-warnings-to-thousands">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32402">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 13:42:21">
13:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Microsoft fixes reflected XSS in Exchange Server 🗓️</strong><br><br><code>Researchers’ bid to reproduce ProxyShell yields something entirely new</code><br><br><a href="https://portswigger.net/daily-swig/microsoft-fixes-reflected-xss-in-exchange-server">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32403">

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 13:45:23">
13:45
       </div>

       <div class="text">
<strong>❌ FBI Says Its System Was Exploited to Email Fake Cyberattack Alert ❌</strong><br><br><code>The alert was mumbo jumbo, but it was indeed sent from the bureau&apos;s email system, from the agency’s own internet address.</code><br><br><a href="https://threatpost.com/fbi-system-exploit-email-fake-cyberattack-alert/176333/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32404">

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 13:48:25">
13:48
       </div>

       <div class="text">
<strong>🕴 JupiterOne and Cisco Announce Launch of Secure Cloud Insights 🕴</strong><br><br><code>The partnership is designed to provide businesses with a range of cybersecurity services.</code><br><br><a href="https://www.darkreading.com/cloud/jupiterone-and-cisco-announce-launch-of-secure-cloud-insights">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32405">

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 13:52:58">
13:52
       </div>

       <div class="text">
<strong>🦿 Don&apos;t fall for LinkedIn phishing: How to watch for this credential-stealing attack 🦿</strong><br><br><code>Cybercriminals are now using LinkedIn to find a way into your files. Learn how to detect phishing on LinkedIn and protect yourself from it.</code><br><br><a href="https://www.techrepublic.com/article/dont-fall-for-linkedin-phishing-how-to-watch-for-this-credential-stealing-attack/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32406">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 15:22:52">
15:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How to Negotiate With Ransomware Attackers 🕴</strong><br><br><code>Security researchers investigate the ransom negotiation process to create strategies businesses can use if they face an attack.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/how-to-negotiate-with-ransomware-attackers">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32407">

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 15:22:53">
15:22
       </div>

       <div class="text">
<strong>🦿 How organizations are beefing up their cybersecurity to combat ransomware 🦿</strong><br><br><code>Most organizations surveyed by Hitachi ID are moving partly to software-as-a-service. Less than half have adopted a Zero Trust strategy.</code><br><br><a href="https://www.techrepublic.com/article/how-organizations-are-beefing-up-their-cybersecurity-to-combat-ransomware/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32408">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 17:15:25">
17:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cybercriminals Target Alibaba Cloud for Cryptomining, Malware ❌</strong><br><br><code>Cybercriminals are targeting Alibaba Elastic Computing Service (ECS) instances, disabling certain security features to further their cryptomining goals. Alibaba offers a few unique options that make it a highly attractive target for attackers, researchers noted. According to research from Trend Micro, the Chinese giant’s cloud (also known as Aliyun) has a preinstalled security agent. While […]</code><br><br><a href="https://threatpost.com/cybercriminals-alibaba-cloud-cryptomining-malware/176348/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32409">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 17:48:06">
17:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 FTC Updates Safeguards Rule for Consumer Financial Information 🔏</strong><br><br><code>The FTC recently made changes to the Gramm-Leach-Bliley Act’s Safeguards Rule that should pose further privacy obligations to covered financial institutions.</code><br><br><a href="https://digitalguardian.com/blog/ftc-updates-safeguards-rule-consumer-financial-information">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32410">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 18:15:26">
18:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ High-Severity Intel Processor Bug Exposes Encryption Keys ❌</strong><br><br><code>CVE-2021-0146, arising from a debugging functionality with excessive privileges, allows attackers to read encrypted files.</code><br><br><a href="https://threatpost.com/intel-processor-bug-encryption-keys/176355/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32411">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 18:46:51">
18:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Name That Toon: Cubicle for Four 🕴</strong><br><br><code>Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/name-that-toon-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32412">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 19:15:38">
19:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ The Best Ransomware Response, According to the Data  ❌</strong><br><br><code>An analysis of ransomware attack negotiation-data offers best practices.</code><br><br><a href="https://threatpost.com/ransomware-response-data/176360/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32413">

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 19:18:31">
19:18
       </div>

       <div class="text">
<strong>🕴 FBI Attributes Abuse of Its Email Account to Software &apos;Misconfiguration&apos; 🕴</strong><br><br><code>A wave of phony emails from an FBI mail server originated from an issue with the agency&apos;s Law Enforcement Enterprise Portal.</code><br><br><a href="https://www.darkreading.com/application-security/fbi-attributes-fake-email-from-its-account-to-software-misconfiguration-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32414">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 19:46:46">
19:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Norton Special Report Reveals Nearly 1 in 2 Gamers Have Experienced a Cyberattack 🕴</strong><br><br><code>Three in four say they were impacted financially as a result, losing more than $700 on average.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/norton-special-report-reveals-nearly-1-in-2-gamers-have-experienced-a-cyberattack">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32415">

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 19:53:05">
19:53
       </div>

       <div class="text">
<strong>🦿 Cybersecurity is a growing field that can benefit from hiring veterans 🦿</strong><br><br><code>There is a real need for &quot;boots-on-the-ground&quot; cybersecurity professionals, so why not tap into a pool of trained and motivated veterans?</code><br><br><a href="https://www.techrepublic.com/article/cybersecurity-is-a-growing-field-that-can-benefit-from-hiring-veterans/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32416">

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 19:57:44">
19:57
       </div>

       <div class="text">
<strong>🕴 Trend Micro: 90% of IT Decision Makers Believe Organizations Compromise on Cybersecurity in Favor of Other Goals 🕴</strong><br><br><code>Trend Micro study reveals need for new way to discuss business risk.</code><br><br><a href="https://www.darkreading.com/operations/trend-micro-90-of-it-decision-makers-believe-organizations-compromise-on-cybersecurity-in-favor-of-other-goals">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32417">

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 20:00:57">
20:00
       </div>

       <div class="text">
<strong>🕴 MacOS Zero-Day Used in Watering-Hole Attacks 🕴</strong><br><br><code>Attackers targeted Chinese pro-democracy groups using a vulnerability fixed in September along with a second vulnerability fixed early in the year, Google says.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/mac-os-0-day-used-in-watering-hole-attacks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32418">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 20:16:49">
20:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Immersive Labs Acquires Snap Labs to Power Cyber Simulations With New Depth and Realism 🕴</strong><br><br><code>Integrated offering to deliver hyper-realistic team exercises specific to customer environments for more relevant cyber knowledge, skills, and judgment.</code><br><br><a href="https://www.darkreading.com/cloud/immersive-labs-acquires-snap-labs-to-power-cyber-simulations-with-new-depth-and-realism">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32419">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.11.2021 20:46:49">
20:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 The Troubling Rise of Internet Access Brokers 🕴</strong><br><br><code>Criminal groups are ramping up use of IABs to get access to networks without having to deal with the initial reconnaissance and intrusion phases.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/the-troubling-rise-of-internet-access-brokers">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-954">

      <div class="body details">
16 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32420">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 09:24:34">
09:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ HTTP header smuggling attack against AWS API Gateway exposes systems to cache poisoning 🗓️</strong><br><br><code>New hacking technique may pave the way for other serious attacks</code><br><br><a href="https://portswigger.net/daily-swig/http-header-smuggling-attack-against-aws-api-gateway-exposes-systems-to-cache-poisoning">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32421">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 10:53:27">
10:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Fear and shame are making it harder to fight ransomware and accidental data loss, report finds 🦿</strong><br><br><code>A third of employees admit lying to hide the fact that they accidentally deleted data, most doing so out of embarrassment or fear of punishment. Even more would lie about a ransomware infection.</code><br><br><a href="https://www.techrepublic.com/article/fear-and-shame-are-making-it-harder-to-fight-ransomware-and-accidental-data-loss-report-finds/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32422">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 11:15:57">
11:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Emotet Resurfaces on the Back of TrickBot After Nearly a Year ❌</strong><br><br><code>Researchers observed what looks like the Emotet botnet – the &quot;world’s most dangerous malware&quot; – reborn and distributed by the trojan it used to deliver.</code><br><br><a href="https://threatpost.com/emotet-resurfaces-trickbot/176362/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32423">

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 11:23:16">
11:23
       </div>

       <div class="text">
<strong>⚠ Emotet malware: “The report of my death was an exaggeration” ⚠</strong><br><br><code>&quot;Old malware rarely dies.&quot; The best way to predict the future is to look at the past... if it worked before, it will probably work again.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/16/emotet-malware-the-report-of-my-death-was-an-exaggeration/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32424">

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 11:23:54">
11:23
       </div>

       <div class="text">
<strong>🗓️ Server-side vulnerabilities in Concrete CMS put thousands of websites under threat 🗓️</strong><br><br><code>Web admins urged to apply patches now</code><br><br><a href="https://portswigger.net/daily-swig/server-side-vulnerabilities-in-concrete-cms-put-thousands-of-websites-under-threat">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32425">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 12:17:56">
12:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Navigating the Complexity of Today&apos;s Digital Supply Chain 🕴</strong><br><br><code>An efficient way to monitor security is to model user behavior using time series data and watching for anomalies.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/navigating-the-complexity-of-today-s-digital-supply-chain">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32426">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 12:54:38">
12:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Number of cyber-attacks infiltrating critical New Zealand networks soars 🗓️</strong><br><br><code>National cybersecurity agency also observes rise in automated probing for web security flaws</code><br><br><a href="https://portswigger.net/daily-swig/number-of-cyber-attacks-infiltrating-critical-new-zealand-networks-soars">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32427">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 14:26:25">
14:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ The self-driving smart suitcase… that the person behind you can hijack! ⚠</strong><br><br><code>Apparently, we need a self-driving IoT Bluetooth robot suitcase. Who knew?</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/16/the-self-driving-smart-suitcase-that-the-person-behind-you-can-hijack/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32428">

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 14:26:27">
14:26
       </div>

       <div class="text">
<strong>🗓️ Exploit-as-a-service: Cybercriminals exploring potential of leasing out zero-day vulnerabilities 🗓️</strong><br><br><code>New approach echoes the depressingly successful ransomware-as-a-service business model</code><br><br><a href="https://portswigger.net/daily-swig/exploit-as-a-service-cybercriminals-exploring-potential-of-leasing-out-zero-day-vulnerabilities">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32429">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 15:18:09">
15:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 4 Considerations for Improving Cloud Security Hygiene 🕴</strong><br><br><code>Mixing cloud security and maintenance practices with legacy enterprise approaches usually ends up shortchanging cloud hygiene. Here are some ways to remedy that.</code><br><br><a href="https://www.darkreading.com/cloud/4-considerations-for-improving-cloud-security-hygiene">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32430">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 16:24:08">
16:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ MosesStaff Locks Up Targets, with No Ransom Demand, No Decryption ❌</strong><br><br><code>A politically motivated group is paralyzing Israeli entities with no financial goal -- and no intention of handing over decryption keys.</code><br><br><a href="https://threatpost.com/mosesstaff-locks-targets-ransom-decryption/176366/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32431">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 17:18:22">
17:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 The Old Ways Aren’t Working: Let’s Rethink OT Security 🕴</strong><br><br><code>Ransomware attacks against critical infrastructure go beyond locking up data. They can entirely shut down production in a facility. Here&apos;s how AI can help you fight back.</code><br><br><a href="https://www.darkreading.com/dr-tech/the-old-ways-aren-t-working-let-s-rethink-ot-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32432">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 17:46:06">
17:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ 200M Adult Cam Model, User Records Exposed in Stripchat Breach ❌</strong><br><br><code>The leak included model information, chat messages and payment details.</code><br><br><a href="https://threatpost.com/adult-cam-model-user-records-exposed-stripchat-breach/176372/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32433">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 18:24:12">
18:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 14 tactics to use during a ransomware negotiation 🦿</strong><br><br><code>Security researchers analyzed 700 incidents to understand the economics of these threats as well as what bargaining tactics work.</code><br><br><a href="https://www.techrepublic.com/article/14-tactics-to-use-during-a-ransomware-negotiation/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32434">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 19:16:09">
19:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Rooting Malware Is Back for Mobile. Here’s What to Look Out For. ❌</strong><br><br><code>Hank Schless, senior manager of security solutions at Lookout, discusses AbstractEmu, mobile malware found on Google Play, Amazon Appstore and the Samsung Galaxy Store.</code><br><br><a href="https://threatpost.com/rooting-malware-mobile/176376/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32435">

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 19:19:09">
19:19
       </div>

       <div class="text">
<strong>🕴 Emotet Makes a Comeback 🕴</strong><br><br><code>The popular Trojan has re-emerged on the scene several months after the botnet infrastructure behind it was disrupted by law enforcement.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/emotet-returns">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32436">

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 19:19:11">
19:19
       </div>

       <div class="text">
<strong>🕴 Cybercriminals Increasingly Employ Crypto-Mixers to Launder Stolen Profits 🕴</strong><br><br><code>Crypto-mixer services are set to grow as ransomware and other cybercriminal enterprises increasingly lean into cryptocurrency, new research shows.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/cryptomixers-still-a-popular-way-to-launder-crime-profits">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32437">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 19:46:12">
19:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ FBI Email Hoaxer ID’ed by the Guy He Allegedly Loves to Torment ❌</strong><br><br><code>Vinny Troia, the cybersecurity researcher mentioned in a fake alert gushed out of the FBI’s email system, says it&apos;s just one of a string of jabs from a childish but cybercriminally talented tormentor.</code><br><br><a href="https://threatpost.com/fbi-email-hoaxer-ided-vinny-troia/176377/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32438">

      <div class="body">

       <div class="pull_right date details" title="16.11.2021 19:49:13">
19:49
       </div>

       <div class="text">
<strong>🕴 New Global Rackspace Technology Survey Underscores Rapid Pace of Cloud Adoption 🕴</strong><br><br><code>More than half of respondents have 100% of their infrastructure in the cloud; IT playing an increasingly critical role in driving corporate strategy.</code><br><br><a href="https://www.darkreading.com/cloud/new-global-rackspace-technology-survey-underscores-rapid-pace-of-cloud-adoption">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-955">

      <div class="body details">
17 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32439">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 09:23:16">
09:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Team Cymru Acquires Amplicy 🕴</strong><br><br><code>The combination of Team Cymru&apos;s threat intelligence and threat hunting capabilities and Amplicy&apos;s Internet asset discovery and vulnerability management will give enterprise defenders a comprehensive view of their organization&apos;s cyber risk.</code><br><br><a href="https://www.darkreading.com/dr-tech/team-cymru-acquires-amplicy">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32440">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 09:25:05">
09:25
       </div>

       <div class="text">
<strong>🗓️ Belarusian hackers claim to have accessed full database of those crossing the country’s borders 🗓️</strong><br><br><code>‘Belarus Cyber-Partisans’ say they gained access to all entries in and out of the country over the past 15 years</code><br><br><a href="https://portswigger.net/daily-swig/belarusian-hackers-claim-to-have-accessed-full-database-of-those-crossing-the-countrys-borders">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32441">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 10:51:41">
10:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Phishing Scam Aims to Hijack TikTok ‘Influencer’ Accounts ❌</strong><br><br><code>Threat actors used malicious emails to target more than 125 people with high-profile TikTok accounts in an attempt to steal info and lock them out.</code><br><br><a href="https://threatpost.com/phishing-scam-tiktok-influencer/176391/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32442">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 11:25:26">
11:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Your weak passwords can be cracked in less than a second 🦿</strong><br><br><code>Easy-to-crack phrases &quot;123456,&quot; &quot;123456789,&quot; &quot;12345,&quot; &quot;qwerty&quot; and &quot;password&quot; are the five most common passwords, says NordPass.</code><br><br><a href="https://www.techrepublic.com/article/your-weak-passwords-can-be-cracked-in-less-than-a-second/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32443">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 11:49:41">
11:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Belarus Linked to Big European Disinformation Campaign 🕴</strong><br><br><code>EU officials and others previously had blamed Russia&apos;s intelligence operations for the so-called Ghostwriter campaign.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/report-identifies-belarus-involvement-in-big-european-disinformation-campaign">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32444">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 11:55:09">
11:55
       </div>

       <div class="text">
<strong>🗓️ Vulnerabilities in GitHub NPM packages could allow threat actors to publish malicious versions 🗓️</strong><br><br><code>Details of flaws were made public this week</code><br><br><a href="https://portswigger.net/daily-swig/vulnerabilities-in-github-npm-packages-could-allow-threat-actors-to-publish-malicious-versions">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32445">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:31">
12:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-12951 ‼</strong><br><br><code>Race condition in PSP FW could allow less privileged x86 code to perform PSP SMM operations.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12951">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32446">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:32">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-38984 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager) ‼</strong><br><br><code>IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38984">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32447">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:33">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-26321 ‼</strong><br><br><code>Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26321">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32448">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:34">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-41244 ‼</strong><br><br><code>Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users&apos; roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41244">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32449">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:36">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24856 ‼</strong><br><br><code>The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24856">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32450">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:37">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2020-12904 ‼</strong><br><br><code>Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12904">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32451">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:39">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43495 ‼</strong><br><br><code>AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43495">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32452">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:40">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-41950 ‼</strong><br><br><code>A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41950">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32453">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:42">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-26330 ‼</strong><br><br><code>AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26330">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32454">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:43">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-25984 ‼</strong><br><br><code>In Factor (App Framework &amp; Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting (XSS) at the “post replyâ€� section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25984">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32455">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:45">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-39222 ‼</strong><br><br><code>Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Talk application is upgraded to patched versions 10.0.7, 10.1.4, 11.1.2, 11.2.0 or 12.0.0. As a workaround, use a browser that has support for Content-Security-Policy.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39222">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32456">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:46">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-24852 ‼</strong><br><br><code>The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have CSRF check in place on its settings page, which could allow attackers to make a logged in admin change them via a CSRF attack</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24852">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32457">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:48">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-42955 ‼</strong><br><br><code>Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42955">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32458">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:49">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2020-12892 ‼</strong><br><br><code>An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12892">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32459">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:50">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2020-12954 ‼</strong><br><br><code>A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12954">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32460">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:51">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-38978 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager) ‼</strong><br><br><code>IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 212783.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38978">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32461">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:52">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-25965 ‼</strong><br><br><code>In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin privileges and attacker-controlled credentials, allowing them to take over the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25965">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32462">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:54">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-38983 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager) ‼</strong><br><br><code>IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38983">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32463">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:55">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-42956 ‼</strong><br><br><code>Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42956">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32464">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:14:56">
12:14
       </div>

       <div class="text">
<strong>‼ CVE-2020-12898 ‼</strong><br><br><code>Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12898">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32465">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:33">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-42380 (busybox) ‼</strong><br><br><code>A use-after-free in Busybox&apos;s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42380">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32466">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:34">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-42383 (busybox) ‼</strong><br><br><code>A use-after-free in Busybox&apos;s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42383">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32467">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:35">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-41271 ‼</strong><br><br><code>Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41271">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32468">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:36">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-42384 (busybox) ‼</strong><br><br><code>A use-after-free in Busybox&apos;s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42384">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32469">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:37">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-42580 ‼</strong><br><br><code>Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft these two vunlerablities to get unauthenticated remote command execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42580">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32470">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:39">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-42114 ‼</strong><br><br><code>Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips on affected memory modules using our Blacksmith fuzzer. The patterns generated by Blacksmith were able to trigger bitflips on all 40 PC-DDR4 DRAM devices in our test pool, which cover the three major DRAM manufacturers: Samsung, SK Hynix, and Micron. This means that, even when chips advertised as Rowhammer-free are used, attackers may still be able to exploit Rowhammer. For example, this enables privilege-escalation attacks against the kernel or binaries such as the sudo binary, and also triggering bit flips in RSA-2048 keys (e.g., SSH keys) to gain cross-tenant virtual-machine access. We can confirm that DRAM devices acquired in July 2020 with DRAM chips from all three major DRAM vendors (Samsung, SK Hynix, Micron) are affected by this vulnerability. For more details, please refer to our publication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42114">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32471">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:41">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-38981 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager) ‼</strong><br><br><code>IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212788.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38981">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32472">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:42">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-42723 ‼</strong><br><br><code>Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42723">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32473">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:43">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-42731 ‼</strong><br><br><code>Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42731">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32474">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:44">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-41263 ‼</strong><br><br><code>rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails&apos; signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different &apos;sites&apos; within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41263">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32475">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:45">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-42725 ‼</strong><br><br><code>Adobe Experience Manager version 6.5.9.0 (and earlier) are affected by an improper access control vulnerability that leads to a security feature bypass. By manipulating referer headers, an unauthenticated attacker could gain access to arbitrary pages that they are not authorized to access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42725">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32476">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:46">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2020-12961 ‼</strong><br><br><code>A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12961">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32477">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:47">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-38979 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager) ‼</strong><br><br><code>IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 212785.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38979">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32478">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:49">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-30216 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in a customer-controlled product. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30216">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32479">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:50">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-42954 ‼</strong><br><br><code>Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42954">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32480">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:51">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-26338 ‼</strong><br><br><code>Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26338">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32481">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:53">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-43048 ‼</strong><br><br><code>The Interior Server and Gateway Server components of TIBCO Software Inc.&apos;s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.&apos;s TIBCO PartnerExpress: versions 6.2.1 and below.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43048">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32482">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:54">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-42706 ‼</strong><br><br><code>This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42706">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32483">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:55">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2020-12920 ‼</strong><br><br><code>A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12920">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32484">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:20:56">
12:20
       </div>

       <div class="text">
<strong>‼ CVE-2020-12894 ‼</strong><br><br><code>Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12894">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32485">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:28">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-38949 ‼</strong><br><br><code>IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38949">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32486">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:29">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-42375 ‼</strong><br><br><code>An incorrect handling of a special element in Busybox&apos;s ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42375">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32487">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:30">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-38977 (security_guardium_key_lifecycle_manager, security_key_lifecycle_manager) ‼</strong><br><br><code>IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 212782.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38977">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32488">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:31">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-24850 ‼</strong><br><br><code>The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages&apos; content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post&apos;s custom fields.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24850">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32489">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:32">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-21639 ‼</strong><br><br><code>Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rule_name parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21639">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32490">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:33">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-12960 ‼</strong><br><br><code>AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12960">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32491">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:35">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-43011 ‼</strong><br><br><code>Adobe Prelude version 10.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43011">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32492">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:36">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-12899 ‼</strong><br><br><code>Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12899">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32493">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:37">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-42726 ‼</strong><br><br><code>Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42726">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32494">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:39">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-24787 ‼</strong><br><br><code>The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24787">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32495">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:40">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-21627 ‼</strong><br><br><code>Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21627">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32496">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:42">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-24847 ‼</strong><br><br><code>The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is also installed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24847">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32497">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:43">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-3939 ‼</strong><br><br><code>Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3939">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32498">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:44">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-24772 ‼</strong><br><br><code>The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24772">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32499">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:45">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-42378 (busybox) ‼</strong><br><br><code>A use-after-free in Busybox&apos;s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42378">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32500">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:47">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-24853 ‼</strong><br><br><code>The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as subscriber to change the redirect response status code of arbitrary QR Redirects</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24853">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32501">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:48">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-42379 (busybox) ‼</strong><br><br><code>A use-after-free in Busybox&apos;s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42379">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32502">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:49">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-12905 ‼</strong><br><br><code>Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12905">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32503">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:50">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-25982 ‼</strong><br><br><code>In Factor (App Framework &amp; Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “searchâ€� parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25982">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32504">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:26:51">
12:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-42703 (webaccess_hmi_designer) ‼</strong><br><br><code>This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42703">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32505">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:27:31">
12:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-12903 ‼</strong><br><br><code>Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12903">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32506">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:27:32">
12:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-42385 (busybox) ‼</strong><br><br><code>A use-after-free in Busybox&apos;s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42385">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32507">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:27:33">
12:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-25985 ‼</strong><br><br><code>In Factor (App Framework &amp; Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, followed by a local account takeover.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25985">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32508">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:27:35">
12:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-29861 ‼</strong><br><br><code>IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29861">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32509">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:27:36">
12:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-26323 ‼</strong><br><br><code>Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26323">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32510">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:27:37">
12:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-24802 ‼</strong><br><br><code>The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24802">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32511">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:27:38">
12:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-41266 ‼</strong><br><br><code>Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affected and are advised to update to 0.12.3 or newer. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod, then disable the external identity provider authentication by unset the CONSOLE_IDP_URL, CONSOLE_IDP_CLIENT_ID, CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes service account token.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41266">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32512">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:30:51">
12:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-42373 ‼</strong><br><br><code>A NULL pointer dereference in Busybox&apos;s man applet leads to denial of service when a section name is supplied but no page argument is given</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42373">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32513">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:30:52">
12:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-42721 ‼</strong><br><br><code>Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42721">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32514">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:30:53">
12:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-42374 ‼</strong><br><br><code>An out-of-bounds heap read in Busybox&apos;s unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42374">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32515">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:30:54">
12:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-12902 ‼</strong><br><br><code>Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12902">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32516">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:30:56">
12:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-42377 ‼</strong><br><br><code>An attacker-controlled pointer free in Busybox&apos;s hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &amp;&amp;&amp; string. This may be used for remote code execution under rare conditions of filtered command input.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42377">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32517">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:53:36">
12:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Emotet malware: “The report of my death was an exaggeration” ⚠</strong><br><br><code>&quot;Old malware rarely dies.&quot; The best way to predict the future is to look at the past... if it worked before, it will probably work again.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/16/emotet-malware-the-report-of-my-death-was-an-exaggeration/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32518">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:53:38">
12:53
       </div>

       <div class="text">
<strong>⚠ The self-driving smart suitcase… that the person behind you can hijack! ⚠</strong><br><br><code>Apparently, we need a self-driving IoT Bluetooth robot suitcase. Who knew?</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/16/the-self-driving-smart-suitcase-that-the-person-behind-you-can-hijack/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32519">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:56:38">
12:56
       </div>

       <div class="text">
<strong>🦿 Your weak passwords can be cracked in less than a second 🦿</strong><br><br><code>Easy-to-crack phrases &quot;123456,&quot; &quot;123456789,&quot; &quot;12345,&quot; &quot;qwerty&quot; and &quot;password&quot; are the five most common passwords, says NordPass.</code><br><br><a href="https://www.techrepublic.com/article/your-weak-passwords-can-be-cracked-in-less-than-a-second/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32520">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 12:56:39">
12:56
       </div>

       <div class="text">
<strong>🦿 How to protect your organization from ransomware attacks during the holiday season 🦿</strong><br><br><code>A quarter of security pros polled by Cybereason said they lack a plan to deal with a ransomware attack during a weekend or holiday.</code><br><br><a href="https://www.techrepublic.com/article/how-to-protect-your-organization-from-ransomware-attacks-during-the-holiday-season/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32521">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 14:14:34">
14:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42250 ‼</strong><br><br><code>Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42250">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32522">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 14:14:35">
14:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-40745 ‼</strong><br><br><code>Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40745">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32523">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 14:19:59">
14:19
       </div>

       <div class="text">
<strong>🕴 Is XDR Overhyped? 🕴</strong><br><br><code>Security experts weigh in on the value and pitfalls of extended detection and response (XDR), offering consideration and advice on this growing new category.</code><br><br><a href="https://www.darkreading.com/endpoint/is-xdr-overhyped-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32524">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 14:23:32">
14:23
       </div>

       <div class="text">
<strong>❌ Exchange, Fortinet Flaws Being Exploited by Iranian APT, CISA Warns ❌</strong><br><br><code>Meanwhile, a Microsoft analysis that followed six Iranian threat actor groups for over a year found them increasingly sophisticated, adapting and thriving.</code><br><br><a href="https://threatpost.com/exchange-fortinet-exploited-iranian-apt-cisa/176395/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32525">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 14:23:33">
14:23
       </div>

       <div class="text">
<strong>⚠ Apple’s Privacy Protection feature – watch out if you have a Watch! ⚠</strong><br><br><code>Apple&apos;s &quot;Protect Mail Activity&quot; is a handy privacy enhancement for your messaging habits. As long as you know its limitations...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/17/apples-privacy-protection-feature-watch-out-if-you-have-a-watch/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32526">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 14:24:54">
14:24
       </div>

       <div class="text">
<strong>🗓️ Secure development: New and improved Linux Random Number Generator ready for testing 🗓️</strong><br><br><code>Proposed replacement for /dev/random promises to double performance and add flexibility</code><br><br><a href="https://portswigger.net/daily-swig/secure-development-new-and-improved-linux-random-number-generator-ready-for-testing">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32527">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 14:24:55">
14:24
       </div>

       <div class="text">
<strong>🦿 How to beef up your multicloud security 🦿</strong><br><br><code>A majority of IT leaders surveyed by Valtix said they realize their employees lack the necessary skills to manage multicloud security.</code><br><br><a href="https://www.techrepublic.com/article/how-to-beef-up-your-multi-cloud-security/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32528">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 15:20:12">
15:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 5 Things ML Teams Should Know About Privacy and the GDPR 🕴</strong><br><br><code>Machine learning delivers plenty of benefits. But as the emerging technology gets applied more broadly, be careful about how you handle all the data used in the process.</code><br><br><a href="https://www.darkreading.com/risk/5-things-ml-teams-should-know-about-privacy-and-the-gdpr">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32529">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 15:55:33">
15:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 5 predictions to help you focus your web app security resources in 2022 🦿</strong><br><br><code>This is the year business leaders will learn just how innovative online criminals have become, and it&apos;ll take rethinking how we perceive account security to fight it, says PerimeterX CTO Ido Safruti.</code><br><br><a href="https://www.techrepublic.com/article/5-predictions-to-help-you-focus-your-web-app-security-resources-in-2022/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32530">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 16:14:38">
16:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43976 ‼</strong><br><br><code>In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43976">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32531">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 16:14:39">
16:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-42362 ‼</strong><br><br><code>The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42362">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32532">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 16:14:40">
16:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-42360 ‼</strong><br><br><code>On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42360">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32533">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 16:14:41">
16:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-33480 ‼</strong><br><br><code>An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33480">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32534">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 16:14:43">
16:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-35528 ‼</strong><br><br><code>Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35528">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32535">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 16:14:44">
16:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-33479 ‼</strong><br><br><code>A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33479">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32536">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 16:14:46">
16:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43977 ‼</strong><br><br><code>SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43977">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32537">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 16:14:47">
16:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-33481 ‼</strong><br><br><code>A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33481">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32538">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 16:14:48">
16:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-32234 ‼</strong><br><br><code>SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32234">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32539">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 16:14:49">
16:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43975 ‼</strong><br><br><code>In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43975">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32540">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 16:20:42">
16:20
       </div>

       <div class="text">
<strong>🕴 Cybercriminals Contemplate &apos;Exploit-as-a-Service&apos; Model 🕴</strong><br><br><code>Researchers share their findings on the current zero-day market and how criminals&apos; strategies may shift in the future.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/cybercriminals-contemplate-exploit-as-a-service-model">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32541">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:14:44">
18:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-33092 ‼</strong><br><br><code>Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack before version 2.2.1.383 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33092">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32542">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:14:46">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-0200 ‼</strong><br><br><code>Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers before version 8.2 may allow a privileged user to potentially enable an escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0200">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32543">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:14:48">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-41274 ‼</strong><br><br><code>solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of `solidus_auth_devise` are affected if `protect_from_forgery` method is both: Executed whether as: A `before_action` callback (the default) or A `prepend_before_action` (option `prepend: true` given) before the `:load_object` hook in `Spree::UserController` (most likely order to find). Configured to use `:null_session` or `:reset_session` strategies (`:null_session` is the default in case the no strategy is given, but `rails --new` generated skeleton use `:exception`). Users should promptly update to `solidus_auth_devise` version `2.5.4`. Users unable to update should if possible, change their strategy to `:exception`. Please see the linked GHSA for more workaround details.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41274">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32544">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:14:49">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-33062 ‼</strong><br><br><code>Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33062">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32545">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:14:50">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-43553 ‼</strong><br><br><code>PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43553">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32546">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:14:51">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-0135 ‼</strong><br><br><code>Improper input validation in the Intel(R) Ethernet Diagnostic Driver for Windows before version 1.4.0.10 may allow a privileged user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0135">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32547">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:14:52">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-33087 ‼</strong><br><br><code>Improper authentication in the installer for the Intel(R) NUC M15 Laptop Kit Management Engine driver pack before version 15.0.10.1508 may allow an authenticated user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33087">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32548">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:14:54">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-0158 ‼</strong><br><br><code>Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0158">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32549">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:14:55">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-0075 ‼</strong><br><br><code>Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow a privileged user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0075">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32550">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:14:55">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-33058 ‼</strong><br><br><code>Improper access control in the installer Intel(R)Administrative Tools for Intel(R) Network Adaptersfor Windowsbefore version 1.4.0.21 may allow an unauthenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33058">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32551">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:14:56">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-33071 ‼</strong><br><br><code>Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33071">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32552">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:14:57">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-0148 ‼</strong><br><br><code>Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0148">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32553">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:14:58">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-0199 ‼</strong><br><br><code>Improper input validation in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.6.0.6 may allow a privileged user to potentially enable a denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0199">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32554">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:14:59">
18:14
       </div>

       <div class="text">
<strong>‼ CVE-2021-33063 ‼</strong><br><br><code>Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP driver for Windows 10 before version 6.1.160.22 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33063">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32555">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:15:04">
18:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-33094 ‼</strong><br><br><code>Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33094">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32556">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:15:05">
18:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-33088 ‼</strong><br><br><code>Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version 5.4.1.4449 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33088">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32557">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:15:07">
18:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-41275 ‼</strong><br><br><code>spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spree_auth_devise are affected if protect_from_forgery method is both: Executed whether as: A before_action callback (the default). A prepend_before_action (option prepend: true given) before the :load_object hook in Spree::UserController (most likely order to find). Configured to use :null_session or :reset_session strategies (:null_session is the default in case the no strategy is given, but rails --new generated skeleton use :exception). Users are advised to update their spree_auth_devise gem. For users unable to update it may be possible to change your strategy to :exception. Please see the linked GHSA for more workaround details. ### Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of `spree_auth_devise` are affected if `protect_from_forgery` method is both: * Executed whether as: * A before_action callback (the default) * A prepend_before_action (option prepend: true given) before the :load_object hook in Spree::UserController (most likely order to find). * Configured to use :null_session or :reset_session strategies (:null_session is the default in case the no strategy is given, but rails --new generated skeleton use :exception). That means that applications that haven&apos;t been configured differently from what it&apos;s generated with Rails aren&apos;t affected. Thanks @waiting-for-dev for reporting and providing a patch ? ### Patches Spree 4.3 users should update to spree_auth_devise 4.4.1 Spree 4.2 users should update to spree_auth_devise 4.2.1 ### Workarounds If possible, change your strategy to :exception: ```ruby class ApplicationController &lt; ActionController::Base protect_from_forgery with: :exception end ``` Add the following to`config/application.rb `to at least run the `:exception` strategy on the affected controller: ```ruby config.after_initialize do Spree::UsersController.protect_from_forgery with: :exception end ``` ### References https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41275">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32558">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:15:09">
18:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-0146 ‼</strong><br><br><code>Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0146">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32559">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:15:10">
18:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-0157 ‼</strong><br><br><code>Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0157">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32560">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:15:12">
18:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-0151 ‼</strong><br><br><code>Improper access control in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0151">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32561">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:20:47">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-0065 ‼</strong><br><br><code>Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0065">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32562">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:20:47">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-0186 ‼</strong><br><br><code>Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may allow a privileged user to potentially escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0186">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32563">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:20:49">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-0078 ‼</strong><br><br><code>Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0078">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32564">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:20:50">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-33073 ‼</strong><br><br><code>Uncontrolled resource consumption in the Intel(R) Distribution of OpenVINOâ„¢ Toolkit before version 2021.4 may allow an unauthenticated user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33073">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32565">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:20:50">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-33089 ‼</strong><br><br><code>Improper access control in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33089">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32566">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:20:54">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-41190 ‼</strong><br><br><code>The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifestsâ€? and “layersâ€? fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifestsâ€? and “layersâ€? fields or “manifestsâ€? and “configâ€? fields if they are unable to update to version 1.0.1 of the spec.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41190">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32567">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:20:55">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-41277 ‼</strong><br><br><code>Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin-&gt;settings-&gt;maps-&gt;custom maps-&gt;add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41277">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32568">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:20:56">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-33091 ‼</strong><br><br><code>Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit audio driver pack before version 1.3 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33091">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32569">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:20:57">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-0096 ‼</strong><br><br><code>Improper authentication in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0096">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32570">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:20:58">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-0198 ‼</strong><br><br><code>Improper access control in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to potentially enable a denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0198">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32571">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:21:02">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-0120 ‼</strong><br><br><code>Improper initialization in the installer for some Intel(R) Graphics DCH Drivers for Windows 10 before version 27.20.100.9316 may allow an authenticated user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0120">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32572">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:21:04">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-43551 ‼</strong><br><br><code>A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim’s user permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43551">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32573">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:21:06">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-0082 ‼</strong><br><br><code>Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0082">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32574">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:21:08">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2020-8741 ‼</strong><br><br><code>Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8741">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32575">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:21:09">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-0180 ‼</strong><br><br><code>Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable privilege escalation via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0180">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32576">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:21:11">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-41164 ‼</strong><br><br><code>CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version &lt; 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41164">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32577">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:21:14">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-0121 ‼</strong><br><br><code>Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0121">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32578">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:21:15">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-0069 ‼</strong><br><br><code>Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0069">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32579">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:21:17">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-33086 ‼</strong><br><br><code>Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33086">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32580">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 18:21:19">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-33059 ‼</strong><br><br><code>Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15, may allow a privileged user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33059">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32581">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 19:16:53">
19:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Fake Ransomware Infection Hits WordPress Sites ❌</strong><br><br><code>WordPress sites have been splashed with ransomware warnings that are as real as dime-store cobwebs made out of spun polyester.</code><br><br><a href="https://threatpost.com/fake-ransomware-infection-wordpress/176410/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32582">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 19:16:53">
19:16
       </div>

       <div class="text">
<strong>❌ Netflix Bait: Phishers Target Streamers with Fake Service Signups ❌</strong><br><br><code>Lures dressed up to look like movie and TV streaming offers are swiping payment data.</code><br><br><a href="https://threatpost.com/netflix-bait-phishers-fake-signups/176422/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32583">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 19:50:38">
19:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Can I Have XDR Without EDR? 🕴</strong><br><br><code>Yes, extended detection and response is possible without endpoint detection and response, but here&apos;s why having both is helpful.</code><br><br><a href="https://www.darkreading.com/edge-ask-the-experts/can-i-have-xdr-for-my-organization-without-edr-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32584">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 20:14:47">
20:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43997 ‼</strong><br><br><code>Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU platforms does not prevent non-kernel code from calling the xPortRaisePrivilege and vPortResetPrivilege internal functions. This is fixed in 10.4.6 and in 10.4.3-LTS Patch 2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43997">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32585">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 20:20:43">
20:20
       </div>

       <div class="text">
<strong>🕴 CISA Releases Incident and Vulnerability Response Playbooks to Strengthen Cybersecurity for Federal Civilian Agencies 🕴</strong><br><br><code>Effort part of President Biden’s executive order to improve the nation’s sybersecurity.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/cisa-releases-incident-and-vulnerability-response-playbooks-to-strengthen-cybersecurity-for-federal-civilian-agencies-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32586">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 20:20:45">
20:20
       </div>

       <div class="text">
<strong>🕴 Sift Acquires Passwordless Authentication Pioneer Keyless to Provide Secure, Frictionless Authentication 🕴</strong><br><br><code>Biometric authentication innovator eliminates password-based account takeover and enables PSD2 Strong Customer Authentication while preserving user privacy.</code><br><br><a href="https://www.darkreading.com/endpoint/sift-acquires-passwordless-authentication-pioneer-keyless-to-provide-secure-frictionless-authentication">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32587">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 20:20:46">
20:20
       </div>

       <div class="text">
<strong>🕴 Palo Alto Networks Delivers What&apos;s Next in Security at Ignite &apos;21 🕴</strong><br><br><code>Cybersecurity company introduces solutions aimed at network security, cloud security and security operations.</code><br><br><a href="https://www.darkreading.com/cloud/palo-alto-networks-delivers-what-s-next-in-security-at-ignite-21">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32588">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 22:38:03">
22:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 Intel CPU flaw could enable hackers to attack PCs, cars, and medical devices 📢</strong><br><br><code>Vulnerability found in Pentium, Celeron, and Atom processors</code><br><br><a href="https://www.itpro.co.uk/hardware/361567/intel-chip-flaw-could-enable-hackers-to-attack-pcs-cars-and-medical-devices">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32589">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 22:38:05">
22:38
       </div>

       <div class="text">
<strong>📢 What are cookies 📢</strong><br><br><code>What do they do, how they work, and why does every website want you to accept them?</code><br><br><a href="https://www.itpro.co.uk/security/361576/what-are-cookies">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32590">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 22:38:07">
22:38
       </div>

       <div class="text">
<strong>📢 Identity-focussed security for your zero trust journey 📢</strong><br><br><code>Steps to protect your business from identity-driven threats</code><br><br><a href="https://www.itpro.co.uk/security/identity-and-access-management-iam/361566/identity-focussed-security-for-your-zero-trust">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32591">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 22:38:10">
22:38
       </div>

       <div class="text">
<strong>📢 Iranian hacking groups are evolving, warns Microsoft 📢</strong><br><br><code>Cyber espionage groups are increasingly utilizing ransomware to either collect funds or disrupt their targets</code><br><br><a href="https://www.itpro.co.uk/security/hacking/361580/iranian-hacking-groups-are-evolving-warns-microsoft">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32592">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 22:38:11">
22:38
       </div>

       <div class="text">
<strong>📢 NCSC: COVID-19 vaccines were prime target for hackers in 2021 📢</strong><br><br><code>The GCHQ&apos;s cyber arm says 20% of cyber attacks this year targeted the health sector and key organisations involved in the vaccine rollout</code><br><br><a href="https://www.itpro.co.uk/security/national-cyber-security-centre-ncsc/361570/ncsc-covid-19-vaccines-prime-target-hackers-2021">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32593">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 22:38:13">
22:38
       </div>

       <div class="text">
<strong>📢 Cryptomixers are helping hackers to launder ransomware payments 📢</strong><br><br><code>The services enable cyber criminals to anonymously clean proceeds from illicit activities</code><br><br><a href="https://www.itpro.co.uk/technology/cryptocurrencies/361577/cryptomixers-helping-hackers-launder-ransomware-payments">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32594">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 22:38:15">
22:38
       </div>

       <div class="text">
<strong>📢 How do you become an ethical hacker? 📢</strong><br><br><code>We examine what certifications do you need, what jobs are available and how much you can expect to be paid</code><br><br><a href="https://www.itpro.co.uk/641470/so-you-want-to-be-an-ethical-hacker">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32595">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 22:38:16">
22:38
       </div>

       <div class="text">
<strong>📢 Emotet infrastructure has almost doubled since resurgence was confirmed 📢</strong><br><br><code>Researchers confirm the infrastructure has also been upgraded for a &quot;better secured&quot;, more resilient operation</code><br><br><a href="https://www.itpro.co.uk/security/malware/361551/emotet-returns-spreading-quickly-help-of-trickbot">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32596">

      <div class="body">

       <div class="pull_right date details" title="17.11.2021 22:38:17">
22:38
       </div>

       <div class="text">
<strong>📢 Over a third of applications have high-risk vulnerabilities 📢</strong><br><br><code>Synopsys report reveals that 97% exhibit some form of vulnerability</code><br><br><a href="https://www.itpro.co.uk/software/361568/over-a-third-of-software-has-high-risk-vulnerabilities">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-956">

      <div class="body details">
18 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32597">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 10:55:35">
10:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Clubhouse launches bug bounty platform with $3,000 on offer for critical vulnerabilities 🗓️</strong><br><br><code>Audio-based social media platform prioritizes access control bypasses and information disclosure flaws</code><br><br><a href="https://portswigger.net/daily-swig/clubhouse-launches-bug-bounty-platform-with-3-000-on-offer-for-critical-vulnerabilities">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32598">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 11:24:07">
11:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials ❌</strong><br><br><code>Threat actors are targeting Middle-East-based employees of major corporations in a scam that uses a specific ‘ephemeral’ aspect of the project-management tool to link to SharePoint phishing pages.</code><br><br><a href="https://threatpost.com/spear-phishing-exploits-glitch-steal-credentials/176449/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32599">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 11:24:09">
11:24
       </div>

       <div class="text">
<strong>❌ How to Choose the Right DDoS Protection Solution ❌</strong><br><br><code>Pankaj Gupta, Senior Director at Citrix, outlines how distributed denial of service attacks have become increasingly sophisticated, bigger and economically motivated.</code><br><br><a href="https://threatpost.com/how-to-choose-the-right-ddos-protection-solution/176409/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32600">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 11:54:06">
11:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Apple’s Mail Privacy Protection feature – watch out if you have a Watch! ⚠</strong><br><br><code>Apple&apos;s &quot;Protect Mail Activity&quot; is a handy privacy enhancement for your messaging habits. As long as you know its limitations...</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/17/apples-privacy-protection-feature-watch-out-if-you-have-a-watch/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32601">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 11:57:07">
11:57
       </div>

       <div class="text">
<strong>🗓️ ‘Everyone is welcome’ – Microsoft security panel offers different perspectives on vulnerability disclosure process 🗓️</strong><br><br><code>BlueHat is back following pandemic-induced hiatus</code><br><br><a href="https://portswigger.net/daily-swig/everyone-is-welcome-microsoft-security-panel-offers-different-perspectives-on-vulnerability-disclosure-process">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32602">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 12:22:43">
12:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Swarm Intelligence May Be Just the Ticket for Improved Network &amp; Device Security 🕴</strong><br><br><code>Based on the reaction of a single insect in a swarm, messages are passed along peer to peer, and an entire environment can respond without a central leader processing data and giving orders.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/swarm-intelligence-may-be-just-the-ticket-for-improved-network-device-security">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32603">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 12:23:33">
12:23
       </div>

       <div class="text">
<strong>⚠ S3 Ep59: Emotet, an FBI hoax, Samba bugs, and a hijackable suitcase [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/18/s3-ep59-emotet-an-fbi-hoax-samba-bugs-and-a-hijackable-suitcase-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32604">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 12:56:14">
12:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Consumers like the benefits of online shopping despite the security risks 🦿</strong><br><br><code>Only 25% of consumers surveyed by NTT Application Security said they&apos;d take their online business elsewhere following a data breach.</code><br><br><a href="https://www.techrepublic.com/article/consumers-like-the-benefits-of-online-shopping-despite-the-security-risks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32605">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 13:25:10">
13:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 VA Releases New Strategy to Protect Veteran Data 🔏</strong><br><br><code>A new cybersecurity strategy, recently unveiled by the Department of Veteran Affairs, is designed to better protect veterans&apos; personal data.</code><br><br><a href="https://digitalguardian.com/blog/va-releases-new-strategy-protect-veteran-data">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32606">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 13:25:11">
13:25
       </div>

       <div class="text">
<strong>🗓️ Tor Project unveils plans to route device traffic through Tor anonymity network 🗓️</strong><br><br><code>VPN+ tech detailed during annual State of the Onion update</code><br><br><a href="https://portswigger.net/daily-swig/tor-project-unveils-plans-to-route-device-traffic-through-tor-anonymity-network">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32607">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 13:25:14">
13:25
       </div>

       <div class="text">
<strong>🦿 How midsize companies are vulnerable to data breaches and other cyberattacks 🦿</strong><br><br><code>Midsize companies often lack the staff, expertise and expensive tools needed to defend themselves against attack, says security provider Coro.</code><br><br><a href="https://www.techrepublic.com/article/how-midsize-companies-are-vulnerable-to-data-breaches-and-other-cyberattacks/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32608">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 13:47:24">
13:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months ❌</strong><br><br><code>The bureau&apos;s flash alert said an APT has been exploiting the flaw to compromise FatPipe router clustering and load balancer products to breach targets&apos; networks.</code><br><br><a href="https://threatpost.com/fbi-fatpipe-vpn-zero-day-exploited-apt/176453/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32609">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:15:41">
14:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-0658 ‼</strong><br><br><code>In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0658">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32610">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:15:42">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-43667 ‼</strong><br><br><code>A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method &apos;forwardToLeader&apos;. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43667">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32611">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:15:43">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-35535 ‼</strong><br><br><code>Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35535">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32612">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:15:45">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-43549 ‼</strong><br><br><code>A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43549">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32613">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:15:46">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-0671 ‼</strong><br><br><code>In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05664273; Issue ID: ALPS05664273.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0671">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32614">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:15:47">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-0620 ‼</strong><br><br><code>In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561381.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0620">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32615">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:15:49">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-0622 ‼</strong><br><br><code>In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561388.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0622">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32616">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:15:51">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-0657 ‼</strong><br><br><code>In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0657">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32617">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:15:52">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-37939 ‼</strong><br><br><code>It was discovered that Kibana’s JIRA connector &amp; IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could utilize these connectors to view limited HTTP response data on hosts accessible to the cluster.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37939">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32618">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:15:54">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-0669 ‼</strong><br><br><code>In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05681550; Issue ID: ALPS05681550.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0669">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32619">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:15:56">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-0655 ‼</strong><br><br><code>In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05673424; Issue ID: ALPS05673424.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0655">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32620">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:15:58">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-0659 ‼</strong><br><br><code>In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687559; Issue ID: ALPS05687559.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0659">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32621">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:15:59">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-0656 ‼</strong><br><br><code>In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ID: ALPS05709376.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0656">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32622">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:15:59">
14:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-0666 ‼</strong><br><br><code>In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672086; Issue ID: ALPS05672086.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0666">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32623">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:16:00">
14:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-27024 ‼</strong><br><br><code>A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue is resolved in CD4PE 4.10.0</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27024">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32624">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:16:02">
14:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0623 ‼</strong><br><br><code>In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05585817.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0623">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32625">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:16:03">
14:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-27023 ‼</strong><br><br><code>A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27023">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32626">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:16:05">
14:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0667 ‼</strong><br><br><code>In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670581; Issue ID: ALPS05670581.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0667">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32627">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:16:06">
14:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0672 ‼</strong><br><br><code>In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05969704; Issue ID: ALPS05969704.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0672">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32628">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:16:08">
14:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-0665 ‼</strong><br><br><code>In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672113; Issue ID: ALPS05672113.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0665">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32629">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:46:02">
14:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 SQLMAP - Automatic SQL Injection Tool 1.5.11 🛠</strong><br><br><code>sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user&apos;s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.</code><br><br><a href="https://packetstormsecurity.com/files/165013/sqlmap-1.5.11.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32630">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:46:05">
14:46
       </div>

       <div class="text">
<strong>🛠 Suricata IDPE 6.0.4 🛠</strong><br><br><code>Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It&apos;s capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.</code><br><br><a href="https://packetstormsecurity.com/files/165015/suricata-6.0.4.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32631">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 14:46:07">
14:46
       </div>

       <div class="text">
<strong>🛠 Wireshark Analyzer 3.4.10 🛠</strong><br><br><code>Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.</code><br><br><a href="https://packetstormsecurity.com/files/165014/wireshark-3.4.10.tar.xz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32632">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:15:48">
16:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-35534 ‼</strong><br><br><code>Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to bypass security controls that is enforced by the product. Consequently, exploitation may lead to unauthorized modifications on data/firmware, and/or to permanently disabling the product. This issue affects: Hitachi Energy Relion 670 Series 2.0 all revisions; 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.5. Hitachi Energy Relion 670/650 Series 2.1 all revisions. 2.2.0 all revisions; 2.2.4 all revisions; Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions; 2.2.5 versions prior to 2.2.5.2. Hitachi Energy Relion 650 1.0 all revisions. 1.1 all revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8; Hitachi Energy GMS600 1.3.0; 1.3.0.1; 1.2.0. Hitachi Energy PWC600 1.0.1 version 1.0.1.4 and prior versions; 1.1.0 version 1.1.0.1 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35534">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32633">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:15:51">
16:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-23167 ‼</strong><br><br><code>Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3); 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; version 8.20 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23167">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32634">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:15:54">
16:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-40758 ‼</strong><br><br><code>Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40758">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32635">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:15:55">
16:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-42524 ‼</strong><br><br><code>Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42524">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32636">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:15:57">
16:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-40761 ‼</strong><br><br><code>Adobe After Effects version 18.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40761">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32637">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:15:59">
16:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-40754 ‼</strong><br><br><code>Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40754">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32638">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:16:01">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-40752 ‼</strong><br><br><code>Adobe After Effects version 18.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40752">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32639">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:16:04">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-40751 ‼</strong><br><br><code>Adobe After Effects version 18.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40751">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32640">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:16:06">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-42266 ‼</strong><br><br><code>Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious FLA file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42266">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32641">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:16:07">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-40757 ‼</strong><br><br><code>Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40757">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32642">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:16:10">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-42271 ‼</strong><br><br><code>Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42271">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32643">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:16:11">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-42272 ‼</strong><br><br><code>Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42272">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32644">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:16:13">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-40733 ‼</strong><br><br><code>Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40733">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32645">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:16:15">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-40759 ‼</strong><br><br><code>Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40759">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32646">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:16:17">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-40760 ‼</strong><br><br><code>Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40760">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32647">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:16:19">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-42525 ‼</strong><br><br><code>Acrobat Animate versions 21.0.9 (and earlier)is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42525">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32648">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:16:21">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-42269 ‼</strong><br><br><code>Adobe Animate version 21.0.9 (and earlier) are affected by a use-after-free vulnerability in the processing of a malformed FLA file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42269">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32649">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:16:23">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-40755 ‼</strong><br><br><code>Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SGI file in the DoReadContinue function, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40755">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32650">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:16:25">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-23146 ‼</strong><br><br><code>An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1454 (MR3); 8.20 versions prior to 8.20.1291 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23146">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32651">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:16:28">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-40753 ‼</strong><br><br><code>Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40753">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32652">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:18:51">
16:18
       </div>

       <div class="text">
<strong>❌ 3 Top Tools for Defending Against Phishing Attacks ❌</strong><br><br><code>Phishing emails are now skating past traditional defenses. Justin Jett, director of audit and compliance at Plixer, discusses what to do about it.</code><br><br><a href="https://threatpost.com/tools-defending-phishing-attacks/176463/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32653">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 16:26:06">
16:26
       </div>

       <div class="text">
<strong>🦿 Windows 11 SE: Why it&apos;s both more and less locked down than Windows 10 S 🦿</strong><br><br><code>Managing computers for education is complicated, but Microsoft thinks it has a solution.</code><br><br><a href="https://www.techrepublic.com/article/windows-11-se-why-its-both-more-and-less-locked-down-than-windows-10-s/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32654">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 17:26:08">
17:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to install the OpenSSH server on Windows with PowerShell 🦿</strong><br><br><code>If you&apos;ve ever had a need to SSH into a Windows machine, Jack Wallen shows you how to make that possible with the help of PowerShell.</code><br><br><a href="https://www.techrepublic.com/article/how-to-install-the-openssh-server-on-windows-with-powershell/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32655">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 17:53:03">
17:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 California Pizza Kitchen Suffers Data Breach 🕴</strong><br><br><code>Personal data, including Social Security numbers, of more than 100K employees exposed.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/california-pizza-kitchen-suffers-data-breach">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32656">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 18:15:51">
18:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43017 ‼</strong><br><br><code>Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker could leverage this vulnerability to achieve denial of service in the context of the user. User interaction is required before product installation to abuse this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43017">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32657">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 18:15:53">
18:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-39920 ‼</strong><br><br><code>NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39920">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32658">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 18:15:54">
18:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-23193 ‼</strong><br><br><code>Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ; 8.40 versions prior to 8.40.2063 (MR4); 8.30 versions prior to 8.30.1454 (MR4) ; 8.20 versions prior to 8.20.1291 (MR6); version 8.10 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23193">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32659">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 18:15:55">
18:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-39928 ‼</strong><br><br><code>NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39928">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32660">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 18:15:56">
18:15
       </div>

       <div class="text">
<strong>‼ CVE-2021-23197 ‼</strong><br><br><code>Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048 (MR3) ;</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23197">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32661">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 18:47:34">
18:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Ransomware Phishing Emails Sneak Through SEGs ❌</strong><br><br><code>The MICROP ransomware spreads via Google Drive and locally stored passwords.</code><br><br><a href="https://threatpost.com/ransomware-phishing-emails-segs/176470/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32662">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 19:23:13">
19:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Github cookie leakage – thousands of Firefox cookie files uploaded by mistake ⚠</strong><br><br><code>Be aware before you share! That&apos;s a good rule for developers and techies, just as much as it is for social media addicts.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/18/github-cookie-leakage-thousands-of-firefox-cookie-files-uploaded-by-mistake/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32663">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 19:53:20">
19:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Two Iranian Nationals Charged for Cyber-Enabled Disinformation and Threat Campaign Designed to Influence the 2020 US Presidential Election 🕴</strong><br><br><code>An indictment was unsealed charging two Iranian nationals for their involvement in a cyber-enabled campaign to intimidate and influence American voters, and otherwise undermine voter confidence and sow discord, in connection with the 2020 US presidential election.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/two-iranian-nationals-charged-for-cyber-enabled-disinformation-and-threat-campaign-designed-to-influence-the-2020-us-presidential-election">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32664">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 19:53:21">
19:53
       </div>

       <div class="text">
<strong>🕴 North Korean Hacking Group Targets Diplomats, Forgoes Malware 🕴</strong><br><br><code>The TA406 group uses credential harvesting to target diplomats and policy experts in the United States, Russia, China, and South Korea, rarely resorting to malware.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/north-korean-groups-focus-on-financial-gain-persistence">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32665">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 20:15:57">
20:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37322 ‼</strong><br><br><code>GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37322">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32666">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 20:53:24">
20:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft Exchange Server Flaws Now Exploited for BEC Attacks 🕴</strong><br><br><code>Attackers also are deploying ProxyShell and abusing the vulnerabilities in stealthier manner, researchers say.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/attackers-now-exploiting-proxyshell-exchange-server-flaws-for-business-email-compromise">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32667">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 22:16:05">
22:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40129 ‼</strong><br><br><code>A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40129">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32668">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 22:16:07">
22:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-40130 ‼</strong><br><br><code>A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40130">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32669">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 22:16:10">
22:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-41278 ‼</strong><br><br><code>Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AESâ€� transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors. The app-functions-sdk exports an “aesâ€� transform that user scripts can optionally call to encrypt data in the processing pipeline. No decrypt function is provided. Encryption is not enabled by default, but if used, the level of protection may be less than the user may expects due to a broken implementation. Version v2.1.0 (EdgeX Foundry Jakarta release and later) of app-functions-sdk-go/v2 deprecates the “aesâ€� transform and provides an improved “aes256â€� transform in its place. The broken implementation will remain in a deprecated state until it is removed in the next EdgeX major release to avoid breakage of existing software that depends on the broken implementation. As the broken transform is a library function that is not invoked by default, users who do not use the AES transform in their processing pipelines are unaffected. Those that are affected are urged to upgrade to the Jakarta EdgeX release and modify processing pipelines to use the new &quot;aes256&quot; transform.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41278">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32670">

      <div class="body">

       <div class="pull_right date details" title="18.11.2021 22:16:14">
22:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-40131 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by adding malicious code to the configuration by using the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40131">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-957">

      <div class="body details">
19 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32671">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 01:53:38">
01:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Search CT Logs for Misconfigured SSL Certificates 🕴</strong><br><br><code>Security defenders can run these queries against Certificate Transparency logs to identify misconfigured SSL certificates before they can be used by adversaries to map out attacks.</code><br><br><a href="https://www.darkreading.com/dr-tech/search-ct-logs-for-misconfigured-ssl-certificates">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32672">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 03:16:24">
03:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44033 ‼</strong><br><br><code>In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44033">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32673">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 03:16:26">
03:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-44025 ‼</strong><br><br><code>Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment&apos;s filename extension when displaying a MIME type warning message.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44025">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32674">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 03:16:27">
03:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-44026 ‼</strong><br><br><code>Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44026">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32675">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 08:16:32">
08:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-39233 ‼</strong><br><br><code>In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39233">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32676">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 08:16:33">
08:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-39232 ‼</strong><br><br><code>In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39232">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32677">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 08:16:34">
08:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-39236 ‼</strong><br><br><code>In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39236">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32678">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 08:16:36">
08:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-36372 ‼</strong><br><br><code>In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36372">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32679">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 08:16:38">
08:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-41532 ‼</strong><br><br><code>In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41532">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32680">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 08:16:39">
08:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-39235 ‼</strong><br><br><code>In Apache Ozone before 1.2.0, Ozone Datanode doesn&apos;t check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39235">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32681">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 08:16:40">
08:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-39231 ‼</strong><br><br><code>In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39231">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32682">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 08:16:41">
08:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-42338 ‼</strong><br><br><code>4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42338">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32683">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 08:16:42">
08:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-39234 ‼</strong><br><br><code>In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39234">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32684">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 10:26:15">
10:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Iranian hackers charged with cybercrimes in connection with attempts to influence 2020 US Presidential Election 🗓️</strong><br><br><code>Pair were affiliated with group that tried to secure a win for Donald Trump</code><br><br><a href="https://portswigger.net/daily-swig/iranian-hackers-charged-with-cybercrimes-in-connection-with-attempts-to-influence-2020-us-presidential-election">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32685">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 10:26:16">
10:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-41436 ‼</strong><br><br><code>An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41436">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32686">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 10:26:17">
10:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-3950 ‼</strong><br><br><code>django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3950">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32687">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 10:29:17">
10:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-3974 ‼</strong><br><br><code>vim is vulnerable to Use After Free</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3974">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32688">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 10:32:18">
10:32
       </div>

       <div class="text">
<strong>‼ CVE-2021-3968 ‼</strong><br><br><code>vim is vulnerable to Heap-based Buffer Overflow</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3968">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32689">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 10:47:58">
10:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ California Pizza Kitchen Serves Up Employee SSNs in Data Breach ❌</strong><br><br><code>A hefty slice of data – that of 100K+ current and former employees – was spilled in an “external system breach,” the pizza chain said. </code><br><br><a href="https://threatpost.com/california-pizza-kitchen-employee-ssns-data-breach/176478/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32690">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 11:25:48">
11:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Friday Five 11/18 🔏</strong><br><br><code>The U.K shares some new ransomware statistics, the FBI warns about a new VPN zero day, and more - catch up on the infosec news of the week with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-11/18">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32691">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 11:57:25">
11:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ CKEditor vulnerabilities pose XSS threat to Drupal and other downstream applications 🗓️</strong><br><br><code>Attackers could bypass content sanitization with malformed HTML</code><br><br><a href="https://portswigger.net/daily-swig/ckeditor-vulnerabilities-pose-xss-threat-to-drupal-and-other-downstream-applications">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32692">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 11:59:20">
11:59
       </div>

       <div class="text">
<strong>🕴 Zero Trust: An Answer to the Ransomware Menace? 🕴</strong><br><br><code>Zero trust isn&apos;t a silver bullet, but if implemented well it can help create a much more robust security defense.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/zero-trust-an-answer-to-the-ransomware-menace-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32693">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 12:16:42">
12:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3920 ‼</strong><br><br><code>grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation (&apos;Cross-site Scripting&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3920">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32694">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 12:26:34">
12:26
       </div>

       <div class="text">
<strong>🦿 Policymakers want to regulate AI but lack consensus on how 🦿</strong><br><br><code>Commentary: AI is considered &quot;world changing&quot; by policymakers, but it&apos;s unclear how to ensure positive outcomes.</code><br><br><a href="https://www.techrepublic.com/article/policymakers-want-to-regulate-ai-but-lack-consensus-on-how/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32695">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 12:59:29">
12:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 To Beat Ransomware, Apply Zero Trust to Servers Too 🕴</strong><br><br><code>The path out of the ransomware crisis is full inspection and protection of all traffic flows. That means zero trust everywhere — even between servers.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/to-beat-ransomware-apply-zero-trust-to-servers-too">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32696">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 13:02:32">
13:02
       </div>

       <div class="text">
<strong>🗓️ Researcher finds SSRF bug in internal Google Cloud project, nabs $10,000 bug bounty 🗓️</strong><br><br><code>Now-patched API vulnerability allowed attacker to access sensitive resources</code><br><br><a href="https://portswigger.net/daily-swig/researcher-finds-ssrf-bug-in-internal-google-cloud-project-nabs-10-000-bug-bounty">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32697">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 14:23:18">
14:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-36003 ‼</strong><br><br><code>Adobe Audition version 14.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36003">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32698">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 14:23:19">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-39353 ‼</strong><br><br><code>The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajax_add_form function found in the ~/includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 2.1.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39353">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32699">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 14:23:20">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-42363 ‼</strong><br><br><code>The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the search_order parameter found in the ~/views/form.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.6.8.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42363">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32700">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 14:23:21">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-33850 ‼</strong><br><br><code>There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3. The payload is stored on the configuring project Id page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33850">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32701">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 14:23:23">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-22053 ‼</strong><br><br><code>Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22053">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32702">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 14:23:24">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-37592 ‼</strong><br><br><code>Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37592">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32703">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 14:23:25">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43408 ‼</strong><br><br><code>The Duplicate Post WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43408">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32704">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 14:23:26">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43409 ‼</strong><br><br><code>The &quot;WPO365 | LOGIN&quot; WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. In this case, the XSS payload can be submitted by any anonymous user, the payload then renders and executes when a WordPress administrator authenticates and accesses the WordPress Dashboard. The injected payload can carry out actions on behalf of the administrator including adding other administrative users and changing application settings. This flaw could be exploited to ultimately provide full control of the affected system to the attacker.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43409">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32705">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 14:23:27">
14:23
       </div>

       <div class="text">
<strong>🛠 Packet Fence 11.1.0 🛠</strong><br><br><code>PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.</code><br><br><a href="https://packetstormsecurity.com/files/165018/packetfence-11.1.0.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32706">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 14:48:12">
14:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ 6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years ❌</strong><br><br><code>Pen Test Partners didn&apos;t disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.</code><br><br><a href="https://threatpost.com/6m-sky-routers-exposed-18-months/176483/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32707">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:16:55">
16:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-29326 ‼</strong><br><br><code>OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29326">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32708">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:16:56">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-39926 ‼</strong><br><br><code>Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39926">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32709">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:16:58">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-39924 ‼</strong><br><br><code>Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39924">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32710">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:16:59">
16:16
       </div>

       <div class="text">
<strong>‼ CVE-2021-29328 ‼</strong><br><br><code>OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29328">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32711">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:17:00">
16:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-29329 ‼</strong><br><br><code>OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29329">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32712">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:17:01">
16:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-39921 ‼</strong><br><br><code>NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39921">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32713">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:17:03">
16:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-3962 ‼</strong><br><br><code>A flaw was found in ImageMagick 7.1.0-14 where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3962">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32714">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:17:04">
16:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-39925 ‼</strong><br><br><code>Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39925">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32715">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:17:05">
16:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-39929 ‼</strong><br><br><code>Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39929">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32716">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:17:06">
16:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-29325 ‼</strong><br><br><code>OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29325">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32717">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:17:07">
16:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22030 ‼</strong><br><br><code>In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive(credential) information in the logs of the database. A malicious user with access to logs can read sensitive(credentials) information about users</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22030">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32718">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:17:08">
16:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-41569 ‼</strong><br><br><code>SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41569">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32719">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:17:09">
16:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-29324 ‼</strong><br><br><code>OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29324">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32720">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:17:10">
16:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-29327 ‼</strong><br><br><code>OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29327">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32721">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:17:12">
16:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-29323 ‼</strong><br><br><code>OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-29323">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32722">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:17:13">
16:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-44036 ‼</strong><br><br><code>Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44036">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32723">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:17:14">
16:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22028 ‼</strong><br><br><code>In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22028">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32724">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:17:16">
16:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-39922 ‼</strong><br><br><code>Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39922">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32725">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:17:17">
16:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-39923 ‼</strong><br><br><code>NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39923">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32726">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 16:17:18">
16:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-44037 ‼</strong><br><br><code>Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44037">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32727">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 17:18:10">
17:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Iranians Charged in Cyberattacks Against U.S. 2020 Election ❌</strong><br><br><code>The State Department has offered a $10M reward for tips on the two Iran-based threat actors accused of voter intimidation and disinformation.</code><br><br><a href="https://threatpost.com/iranians-charged-cyberattacks-2020-election/176488/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32728">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:16:59">
18:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-23433 ‼</strong><br><br><code>The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23433">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32729">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:00">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-21898 ‼</strong><br><br><code>A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21898">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32730">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:01">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-41280 ‼</strong><br><br><code>Sharetribe Go is a source available marketplace software. In affected versions operating system command injection is possible on installations of Sharetribe Go, that do not have a secret AWS Simple Notification Service (SNS) notification token configured via the `sns_notification_token` configuration parameter. This configuration parameter is unset by default. The vulnerability has been patched in version 10.2.1. Users who are unable to upgrade should set the`sns_notification_token` configuration parameter to a secret value.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41280">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32731">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:02">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-26262 ‼</strong><br><br><code>Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26262">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32732">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:03">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-40391 ‼</strong><br><br><code>An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40391">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32733">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:04">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-21899 ‼</strong><br><br><code>A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21899">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32734">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:06">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22969 ‼</strong><br><br><code>Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS.Discoverer: Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N . Please note that Cloud IAAS provider mis-configurations are not Concrete CMS vulnerabilities. A mitigation for this vulnerability is to make sure that the IMDS configurations are according to a cloud provider&apos;s best practices.This fix is also in Concrete version 9.0.0</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22969">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32735">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:07">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-21900 ‼</strong><br><br><code>A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21900">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32736">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:08">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22968 ‼</strong><br><br><code>A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it&apos;s possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the ability to upload restricted file types and execute them depending on server configuration.To fix this, a check for allowed file extensions was added before downloading files to a tmp directory.Concrete CMS Security Team gave this a CVSS v3.1 score of 5.4 AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:NThis fix is also in Concrete version 9.0.0</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22968">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32737">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:09">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-42744 ‼</strong><br><br><code>Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42744">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32738">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:11">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22965 ‼</strong><br><br><code>A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22965">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32739">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:12">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22951 ‼</strong><br><br><code>Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in view_inline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations were put in place a. restricting file types for view_inline to images only b. putting a warning in the file manager to advise users.Credit for discovery: &quot;Solar Security Research Team&quot;Concrete CMS security team CVSS scoring is 5.3: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NThis fix is also in Concrete version 9.0.0</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22951">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32740">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:13">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-42254 ‼</strong><br><br><code>BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42254">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32741">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:15">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22967 ‼</strong><br><br><code>In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in &quot;add / edit messageâ€�.Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NCredit for discovery Adrian H</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22967">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32742">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:16">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-36884 ‼</strong><br><br><code>Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin &lt;= 1.1.5 versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36884">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32743">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:18">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-44038 ‼</strong><br><br><code>An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44038">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32744">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:19">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22970 ‼</strong><br><br><code>Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb. SSRF Mitigation Bypass through DNS RebindingConcrete CMS security team gave this a CVSS score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:NConcrete CMS is maintaining Concrete version 8.5.x until 1 May 2022 for security fixes.This CVE is shared with HackerOne Reports https://hackerone.com/reports/1364797 and https://hackerone.com/reports/1360016Reporters: Adrian Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/ ) and Bipul Jaiswal</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22970">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32745">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:20">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-26248 ‼</strong><br><br><code>Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26248">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32746">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:21">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-22966 ‼</strong><br><br><code>Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted &quot;view&quot; permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group permissions before allowing a group to be moved. Concrete CMS Security team CVSS scoring: 7.1 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HCredit for discovery: &quot;Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )&quot;This fix is also in Concrete version 9.0.0</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22966">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32747">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:17:23">
18:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-43555 ‼</strong><br><br><code>mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43555">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32748">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 18:29:47">
18:29
       </div>

       <div class="text">
<strong>🕴 3 Takeaways from the Gartner Risk Management Summit 🕴</strong><br><br><code>Security leaders can be treated as partners supporting the business and share accountability by establishing relationships with business stakeholders.</code><br><br><a href="https://www.darkreading.com/edge-articles/3-takeaways-from-the-gartner-risk-management-summit">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32749">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 19:08:27">
19:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back ♟️</strong><br><br><code>One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim&apos;s funds via Zelle, a &quot;peer-to-peer&quot; (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target&apos;s bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.</code><br><br><a href="https://krebsonsecurity.com/2021/11/the-zelle-fraud-scam-how-it-works-how-to-fight-back/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32750">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 19:59:58">
19:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 US Banks Will Be Required to Report Cyberattacks Within 36 Hours 🕴</strong><br><br><code>There is currently no specific time frame during which banks must report to federal regulators that a security incident had occurred. A new notification rules changes that to 36 hours.</code><br><br><a href="https://www.darkreading.com/risk/u-s-banks-will-be-required-to-report-cyberattacks-within-36-hours">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32751">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 20:17:03">
20:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-39198 ‼</strong><br><br><code>OroCRM is an open source Client Relationship Management (CRM) application. Affected versions we found to suffer from a vulnerability which could an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39198">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32752">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 20:26:49">
20:26
       </div>

       <div class="text">
<strong>🦿 8 advanced threats Kaspersky predicts for 2022 🦿</strong><br><br><code>Advanced threats constantly evolve. This year saw multiple examples of advanced persistent threats under the spotlight, allowing us to predict what threats might lead the future.</code><br><br><a href="https://www.techrepublic.com/article/8-advanced-threats-kaspersky-predicts-for-2022/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32753">

      <div class="body">

       <div class="pull_right date details" title="19.11.2021 20:26:50">
20:26
       </div>

       <div class="text">
<strong>🦿 Cisco partners with JupiterOne to enhance its SecureX product portfolio 🦿</strong><br><br><code>The new product, Cisco Secure Cloud Insights, offers cloud inventory tracking and relationship mapping to navigate public clouds as well as access rights management and security compliance reporting.</code><br><br><a href="https://www.techrepublic.com/article/cisco-partners-with-jupiterone-to-enhance-its-securex-product-portfolio/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-958">

      <div class="body details">
20 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32754">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 03:17:22">
03:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-36321 ‼</strong><br><br><code>Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36321">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32755">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 03:17:23">
03:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-36310 ‼</strong><br><br><code>Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x &amp; 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36310">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32756">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 03:17:24">
03:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-36307 ‼</strong><br><br><code>Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36307">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32757">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 03:17:25">
03:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-36308 ‼</strong><br><br><code>Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36308">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32758">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 03:17:26">
03:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-36322 ‼</strong><br><br><code>Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36322">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32759">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 03:17:27">
03:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-36320 ‼</strong><br><br><code>Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36320">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32760">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 03:17:28">
03:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-36319 ‼</strong><br><br><code>Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36319">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32761">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 03:17:30">
03:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-36340 ‼</strong><br><br><code>Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36340">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32762">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 03:17:31">
03:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-38681 ‼</strong><br><br><code>A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38681">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32763">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 03:17:32">
03:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-36306 ‼</strong><br><br><code>Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36306">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32764">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 03:17:33">
03:17
       </div>

       <div class="text">
<strong>‼ CVE-2021-34358 ‼</strong><br><br><code>We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34358">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32765">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 23:09:35">
23:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>📢 Protecting every edge to make hackers’ jobs harder, not yours 📢</strong><br><br><code>How to support and secure hybrid architectures</code><br><br><a href="https://www.itpro.co.uk/security/firewalls/361592/protecting-every-edge-to-make-hackers-jobs-harder-not-yours">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32766">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 23:09:36">
23:09
       </div>

       <div class="text">
<strong>📢 CISA unveils government cyber security response playbooks 📢</strong><br><br><code>Playbook follows President Biden&apos;s April executive order</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361593/cisa-unveils-government-cyber-security-response-playbooks">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32767">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 23:09:37">
23:09
       </div>

       <div class="text">
<strong>📢 UK and US pledge to punish cyber criminals at annual meeting 📢</strong><br><br><code>Intelligence and defence officials met at the annual forum to discuss approaches to cyber security for the years ahead</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361598/uk-and-us-pledge-to-punish-cyber-criminals-at-annual-meeting">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32768">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 23:09:38">
23:09
       </div>

       <div class="text">
<strong>📢 US gov initiative aims to attract &apos;world-class&apos; cyber security talent 📢</strong><br><br><code>The DHS wants to make it easier to recruit, develop, and retain top cyber security professionals</code><br><br><a href="https://www.itpro.co.uk/business-strategy/careers-training/361587/dhs-cyber-security-hiring-initiative">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32769">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 23:09:39">
23:09
       </div>

       <div class="text">
<strong>📢 What is HTTP error 503 and how do you fix it? 📢</strong><br><br><code>It may not always be obvious what&apos;s causing the issue, but there are steps you can take to get back online</code><br><br><a href="https://www.itpro.co.uk/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32770">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 23:09:40">
23:09
       </div>

       <div class="text">
<strong>📢 IT Pro News in Review: FBI hacked, Nvidia-ARM probe, IBM&apos;s &apos;most powerful&apos; quantum chip 📢</strong><br><br><code>Catch up on the biggest headlines of the week in just two minutes</code><br><br><a href="https://www.itpro.co.uk/security/cyber-security/361560/it-pro-news-in-review-fbi-hacked-nvidia-arm-ibm-quantum">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32771">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 23:09:42">
23:09
       </div>

       <div class="text">
<strong>📢 Best free malware removal tools 2021 📢</strong><br><br><code>Worried your device is infected? Here are the tools you need to get rid of malicious software</code><br><br><a href="https://www.itpro.co.uk/security/malware/28083/best-free-malware-removal-tools">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32772">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 23:09:43">
23:09
       </div>

       <div class="text">
<strong>📢 Out-of-hours ransomware attacks have a greater impact on revenue 📢</strong><br><br><code>Seven in ten security pros called in to handle attacks were intoxicated, report finds</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361591/out-of-hours-ransomware-attacks-have-a-greater-impact-on-revenue">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32773">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 23:09:44">
23:09
       </div>

       <div class="text">
<strong>📢 US, UK agencies warn Iran-backed hackers are targeting critical sectors 📢</strong><br><br><code>The state-sponsored APT groups exploited Fortinet and Microsoft Exchange flaws to gain access to systems</code><br><br><a href="https://www.itpro.co.uk/security/ransomware/361589/iran-backed-hackers-ransomware-critical-infrastructure-warning">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32774">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 23:09:45">
23:09
       </div>

       <div class="text">
<strong>📢 CISOs are missing holidays due to excessive overtime 📢</strong><br><br><code>Tessian research shows an alarming number of security leaders are sacrificing important areas of their life for the job</code><br><br><a href="https://www.itpro.co.uk/business-strategy/chief-information-security-officer-ciso/361590/ciso-missing-holidays-excessive-overtime">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32775">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 23:09:48">
23:09
       </div>

       <div class="text">
<strong>📢 Ubiquiti Networks UniFi Dream Machine Pro review: All the security you need in one handy box 📢</strong><br><br><code>An affordable security gateway that can take care of a wide range of security needs</code><br><br><a href="https://www.itpro.co.uk/security/361559/ubiquiti-networks-unifi-dream-machine-pro-review-all-the-security-you-need-in-one">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32776">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 23:09:48">
23:09
       </div>

       <div class="text">
<strong>📢 TikTok phishing campaign tried to scam over 125 influencer accounts 📢</strong><br><br><code>Hackers threatened to delete accounts over copyright violations</code><br><br><a href="https://www.itpro.co.uk/marketing-comms/social-media/361594/tiktok-phishing-campaign-tried-to-scam-over-125-influencer">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32777">

      <div class="body">

       <div class="pull_right date details" title="20.11.2021 23:09:50">
23:09
       </div>

       <div class="text">
<strong>📢 What is e-safety? 📢</strong><br><br><code>We explain what e-safety is and how it can be managed in schools and beyond</code><br><br><a href="https://www.itpro.co.uk/strategy/28709/what-is-e-safety">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-959">

      <div class="body details">
21 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32778">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.11.2021 14:18:51">
14:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-28710 ‼</strong><br><br><code>certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are presently set up to always be 4 levels deep. However, an IOMMU may require the use of just 3 page table levels. In such a configuration the lop level table needs to be stripped before inserting the root table&apos;s address into the hardware pagetable base register. When sharing page tables, Xen erroneously skipped this stripping. Consequently, the guest is able to write to leaf page table entries.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28710">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-960">

      <div class="body details">
22 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32779">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 09:55:50">
09:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Black Friday and Cyber Monday – here’s what you REALLY need to do! ⚠</strong><br><br><code>The world fills up with cybersecurity tips every year when Black Friday comes round. But what about the rest of they year?</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/22/black-friday-and-cyber-monday-heres-what-you-really-need-to-do/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32780">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 10:34:13">
10:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Wind turbine giant Vestas confirms data breach following ‘cybersecurity incident’ 🗓️</strong><br><br><code>Danish company has also ‘initiated a gradual and controlled reopening of all IT systems’</code><br><br><a href="https://portswigger.net/daily-swig/wind-turbine-giant-vestas-confirms-data-breach-following-cybersecurity-incident">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32781">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 12:04:36">
12:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Why the &apos;Basement Hacker&apos; Stereotype Is Wrong — and Dangerous 🕴</strong><br><br><code>It engenders a false sense of superiority that spurs complacency among risk managers and executives, who in turn may underinvest in security teams, rely too much on automation, or both.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/why-the-basement-hacker-stereotype-is-wrong-and-dangerous">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32782">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:23:33">
14:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42737 ‼</strong><br><br><code>Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42737">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32783">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:23:35">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-40772 ‼</strong><br><br><code>Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40772">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32784">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:23:36">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-42733 ‼</strong><br><br><code>Adobe Prelude version 10.1 (and earlier) is affected by an improper input validation vulnerability in the XDCAMSAM directory. An unauthenticated attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42733">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32785">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:23:38">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43015 ‼</strong><br><br><code>Adobe InCopy version 16.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43015">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32786">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:23:40">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43016 ‼</strong><br><br><code>Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43016">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32787">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:23:41">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-40773 ‼</strong><br><br><code>Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40773">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32788">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:23:43">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43559 ‼</strong><br><br><code>A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The &quot;delete related badge&quot; functionality did not include the necessary token check to prevent a CSRF risk.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43559">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32789">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:23:45">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-26614 ‼</strong><br><br><code>ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26614">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32790">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:23:47">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2020-7882 ‼</strong><br><br><code>Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. &apos;../../../&apos;)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7882">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32791">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:23:49">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-42727 ‼</strong><br><br><code>Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected by a Path traversal vulnerability. The authenticated attacker can upload arbitrary files outside of the intended directory to cause remote code execution with privileges of user running Tomcat. Exploitation of this issue requires user interaction in that a victim must navigate to a planted file on the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42727">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32792">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:23:51">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-3935 ‼</strong><br><br><code>When PgBouncer is configured to use &quot;cert&quot; authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3935">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32793">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:23:53">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43558 ‼</strong><br><br><code>A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43558">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32794">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:23:55">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-40771 ‼</strong><br><br><code>Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40771">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32795">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:23:56">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-43560 ‼</strong><br><br><code>A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users&apos; calendar action events.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43560">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32796">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:23:58">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-40775 ‼</strong><br><br><code>Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40775">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32797">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:23:59">
14:23
       </div>

       <div class="text">
<strong>‼ CVE-2021-40770 ‼</strong><br><br><code>Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40770">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32798">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:24:00">
14:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-42738 ‼</strong><br><br><code>Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42738">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32799">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:24:02">
14:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-3943 ‼</strong><br><br><code>A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3943">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32800">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:24:04">
14:24
       </div>

       <div class="text">
<strong>‼ CVE-2021-40774 ‼</strong><br><br><code>Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40774">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32801">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:49:51">
14:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 OpenStego Free Steganography Solution 0.8.1 🛠</strong><br><br><code>OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).</code><br><br><a href="https://packetstormsecurity.com/files/165041/openstego-0.8.1.zip">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32802">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:49:52">
14:49
       </div>

       <div class="text">
<strong>🛠 Hashcat Advanced Password Recovery 6.2.5 Binary Release 🛠</strong><br><br><code>Hashcat is an advanced GPU hash cracking utility that includes the World&apos;s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.</code><br><br><a href="https://packetstormsecurity.com/files/165043/hashcat-6.2.5.7z">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32803">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 14:49:53">
14:49
       </div>

       <div class="text">
<strong>🛠 Hashcat Advanced Password Recovery 6.2.5 Source Code 🛠</strong><br><br><code>Hashcat is an advanced GPU hash cracking utility that includes the World&apos;s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.</code><br><br><a href="https://packetstormsecurity.com/files/165042/hashcat-6.2.5.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32804">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 15:28:08">
15:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Mozilla has released a new platform for privacy-focused email communications 🦿</strong><br><br><code>When you don&apos;t want to give out your personal or work email address, but still need to sign up for an account, Mozilla might have an answer for you with Firefox Relay.</code><br><br><a href="https://www.techrepublic.com/article/mozilla-has-released-a-new-platform-for-privacy-focused-email-communications/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32805">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 16:20:09">
16:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-23673 ‼</strong><br><br><code>This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23673">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32806">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 16:20:13">
16:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-23732 ‼</strong><br><br><code>This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23732">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32807">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 16:20:16">
16:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-23718 ‼</strong><br><br><code>The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23718">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32808">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 16:20:20">
16:20
       </div>

       <div class="text">
<strong>‼ CVE-2019-5640 ‼</strong><br><br><code>Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user&apos;s session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by previous user</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-5640">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32809">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 16:20:24">
16:20
       </div>

       <div class="text">
<strong>❌ Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover ❌</strong><br><br><code>CloudLinux&apos; security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.</code><br><br><a href="https://threatpost.com/linux-web-servers-imunify360-bug/176508/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32810">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 16:50:06">
16:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws ❌</strong><br><br><code>Exploiting Microsoft Exchange ProxyLogon &amp; ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters.</code><br><br><a href="https://threatpost.com/attackers-hijack-email-threads-proxylogon-proxyshell/176496/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32811">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 16:58:08">
16:58
       </div>

       <div class="text">
<strong>🦿 Leaders agree that cybersecurity is a business risk, but are they acting on that belief? 🦿</strong><br><br><code>Despite nearly unanimous agreement, there&apos;s still a lack of clarity on who is accountable for security incidents and whether previous security investments have paid off, a Gartner survey finds.</code><br><br><a href="https://www.techrepublic.com/article/leaders-agree-that-cybersecurity-is-a-business-risk-but-are-they-acting-on-that-belief/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32812">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 17:20:05">
17:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches ❌</strong><br><br><code>Black Friday and Cyber Monday approach! Saryu Nayyar, CEO at Gurucul, discusses concerning statistics about skyrocketing online fraud during the festive season.</code><br><br><a href="https://threatpost.com/online-merchants-fraudsters-holiday-grinches/176513/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32813">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 17:35:00">
17:35
       </div>

       <div class="text">
<strong>🕴 10 Stocking Stuffers for Security Geeks 🕴</strong><br><br><code>Check out our list of gifts with a big impact for hackers and other techie security professionals.</code><br><br><a href="https://www.darkreading.com/endpoint/10-stocking-stuffers-for-security-geeks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32814">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 17:57:52">
17:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 What&apos;s the Biggest Healthcare Security Threat for 2021 And Beyond? 🔏</strong><br><br><code>We asked 21 cybersecurity experts and healthcare executives what the biggest security threat they&apos;re facing in 2021 and beyond is.</code><br><br><a href="https://digitalguardian.com/blog/whats-biggest-healthcare-security-threat-2021-and-beyond">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32815">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 18:19:58">
18:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-42707 ‼</strong><br><br><code>PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42707">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32816">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 18:20:00">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-42705 ‼</strong><br><br><code>PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42705">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32817">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 18:20:01">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-38448 ‼</strong><br><br><code>The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38448">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32818">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 18:20:03">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-44143 ‼</strong><br><br><code>A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44143">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32819">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 18:28:10">
18:28
       </div>

       <div class="text">
<strong>🦿 GoDaddy security breach impacts more than 1 million WordPress users 🦿</strong><br><br><code>The hosting company has revealed a security incident that exposed the email addresses and customer numbers of 1.2 million Managed WordPress customers.</code><br><br><a href="https://www.techrepublic.com/article/godaddy-security-breach-impacts-more-than-1-million-wordpress-users/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32820">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 19:08:35">
19:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ Arrest in ‘Ransom Your Employer’ Email Scheme ♟️</strong><br><br><code>In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer&apos;s network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme -- a young man who said he was trying to save up money to help fund a new social network.</code><br><br><a href="https://krebsonsecurity.com/2021/11/arrest-in-ransom-your-employer-email-scheme/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32821">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 19:20:09">
19:20
       </div>

       <div class="text">
<strong>❌ GoDaddy’s Latest Breach Affects 1.2M Customers ❌</strong><br><br><code>The kingpin domain registrar has logged its fifth cyber-incident since 2018, after an attacker with a compromised password stole email addresses, SSH keys and database logins.</code><br><br><a href="https://threatpost.com/godaddys-latest-breach-customers/176530/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32822">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 19:28:11">
19:28
       </div>

       <div class="text">
<strong>🦿 How to install and use InVID, a plugin to debunk fake news and verify videos and images 🦿</strong><br><br><code>You can make sure you aren&apos;t seeing fake news, edited photos or deepfakes with this software. Here&apos;s how to install and use it.</code><br><br><a href="https://www.techrepublic.com/article/how-to-install-and-use-invid-a-plugin-to-debunk-fake-news-and-verify-videos-and-images/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32823">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 19:35:21">
19:35
       </div>

       <div class="text">
<strong>🕴 Bug Bounties Surge as Firms Compete for Talent 🕴</strong><br><br><code>Companies such as GItLab, which today increased its payment for critical bugs by 75%, are raising bounties and bonuses to attract top-notch researchers.</code><br><br><a href="https://www.darkreading.com/application-security/bug-bounties-surge-as-firms-compete-for-talent">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32824">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 19:35:22">
19:35
       </div>

       <div class="text">
<strong>🕴 CISA Urges Critical Infrastructure to Be Alert for Holiday Threats 🕴</strong><br><br><code>CISA and the FBI share steps organizations should take to better protect against security threats during holidays and weekends.</code><br><br><a href="https://www.darkreading.com/endpoint/cisa-urges-critical-infrastructure-to-be-alert-for-holiday-threats">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32825">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 20:20:06">
20:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44147 ‼</strong><br><br><code>An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44147">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32826">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 20:20:08">
20:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-44144 ‼</strong><br><br><code>Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44144">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32827">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 20:20:09">
20:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-44150 ‼</strong><br><br><code>The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44150">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32828">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 20:20:10">
20:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-32004 ‼</strong><br><br><code>This issue affects: Secomea GateManager All versions prior to 9.6. Improper Check of host header in web server of Secomea GateManager allows attacker to cause browser cache poisoning.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32004">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32829">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 21:05:18">
21:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 GoDaddy Breach Exposes SSL Keys of Managed WordPress Hosting Customers 🕴</strong><br><br><code>The incident, which affected 1.2 million users, raises concerns about domain impersonation attacks and other malicious activities.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/godaddy-breach-exposes-ssl-keys-of-managed-wordpress-hosting-customers">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32830">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 21:56:47">
21:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ GoDaddy admits to password breach: check your Managed WordPress site! ⚠</strong><br><br><code>GoDaddy found crooks in its network, and kicked them out - but not before they&apos;d been in there for six weeks.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/23/godaddy-admits-to-password-breach-check-your-managed-wordpress-site/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32831">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 21:56:48">
21:56
       </div>

       <div class="text">
<strong>⚠ Black Friday and Cyber Monday – here’s what you REALLY need to do! ⚠</strong><br><br><code>The world fills up with cybersecurity tips every year when Black Friday comes round. But what about the rest of the year?</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/22/black-friday-and-cyber-monday-heres-what-you-really-need-to-do/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32832">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 22:20:08">
22:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-40830 ‼</strong><br><br><code>The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host&apos;s trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker&apos;s data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user&apos;s private keys to authenticate against the MQTT broker. The &apos;aws_tls_ctx_options_override_default_trust_store_*&apos; function within the aws-c-io submodule has been updated to override the default trust store. This corrects this issue. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Linux/Unix. Amazon Web Services AWS-C-IO 0.10.4 on Linux/Unix.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40830">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32833">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 22:20:11">
22:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-40828 ‼</strong><br><br><code>Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. This issue has been addressed in aws-c-io submodule versions 0.9.13 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.3.3 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.5.18 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Microsoft Windows.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40828">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32834">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 22:20:13">
22:20
       </div>

       <div class="text">
<strong>‼ CVE-2020-22719 ‼</strong><br><br><code>Shimo Document v2.0.1 contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the table content text field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22719">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32835">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 22:20:16">
22:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-40829 ‼</strong><br><br><code>Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS. This issue has been addressed in aws-c-io submodule versions 0.10.5 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.4.2 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on macOS. Amazon Web Services AWS-C-IO 0.10.4 on macOS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40829">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32836">

      <div class="body">

       <div class="pull_right date details" title="22.11.2021 22:20:18">
22:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-40831 ‼</strong><br><br><code>The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overriddenâ€�. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host&apos;s trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker&apos;s data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user&apos;s private keys to authenticate against the MQTT broker. The &apos;aws_tls_ctx_options_override_default_trust_store_*&apos; function within the aws-c-io submodule has been updated to address this behavior. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.7.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.14.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.6.0 on macOS. Amazon Web Services AWS-C-IO 0.10.7 on macOS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40831">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-961">

      <div class="body details">
23 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32837">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 11:04:01">
11:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ GoDaddy managed WordPress hosting service breach exposed 1.2m user profiles 🗓️</strong><br><br><code>External investigation finds breach dates back more than two months</code><br><br><a href="https://portswigger.net/daily-swig/godaddy-managed-wordpress-hosting-service-breach-exposed-1-2m-user-profiles">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32838">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 11:56:24">
11:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Check your patches – public exploit now out for critical Exchange bug ⚠</strong><br><br><code>It was a zero-day bug until Patch Tuesday, now there&apos;s an anyone-can-use-it exploit. Don&apos;t be the one who hasn&apos;t patched.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/23/check-your-patches-public-exploit-now-out-for-critical-exchange-bug/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32839">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 11:59:23">
11:59
       </div>

       <div class="text">
<strong>🦿 US government warns of increased ransomware threats during Thanksgiving 🦿</strong><br><br><code>Though the feds haven&apos;t identified any specific known threats, criminals are prone to strike when key employees are traveling or spending time with family and friends.</code><br><br><a href="https://www.techrepublic.com/article/us-government-warns-of-increased-ransomware-threats-during-thanksgiving/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32840">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 11:59:25">
11:59
       </div>

       <div class="text">
<strong>🦿 If you&apos;re serious about privacy, it&apos;s time to use DuckDuckGo as your default Android browser 🦿</strong><br><br><code>Third-party app trackers have become a real problem on Android, and DuckDuckGo is doing something about it. Find out why Jack Wallen believes this is the browser you need to use.</code><br><br><a href="https://www.techrepublic.com/article/if-youre-serious-about-privacy-its-time-to-use-duck-duck-go-as-your-default-android-browser/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32841">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 12:06:17">
12:06
       </div>

       <div class="text">
<strong>🕴 How Sun Tzu&apos;s Wisdom Can Rewrite the Rules of Cybersecurity 🕴</strong><br><br><code>The ancient Chinese military strategist Sun Tzu would agree: The best defense is to avoid an attack in the first place.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/how-sun-tzu-s-wisdom-can-rewrite-the-rules-of-cybersecurity">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32842">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 13:04:12">
13:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Research has come a long way, but gaps remain – security researcher Artur Janc on the state of XS-Leaks 🗓️</strong><br><br><code>‘By focusing on XS-Leaks as a fundamental vulnerability class, we help raise their profile and make it easier for developers to understand their impact’</code><br><br><a href="https://portswigger.net/daily-swig/research-has-come-a-long-way-but-gaps-remain-security-researcher-artur-janc-on-the-state-of-xs-leaks">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32843">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 13:58:57">
13:58
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Dump Chrome as your default browser on Android 🦿</strong><br><br><code>Jack Wallen tells us why Android users should switch from Chrome as their default browsers.</code><br><br><a href="https://www.techrepublic.com/videos/dump-chrome-as-your-default-browser-on-android/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32844">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:20:49">
14:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-37004 ‼</strong><br><br><code>There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37004">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32845">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:20:50">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-37012 ‼</strong><br><br><code>There is a Data Processing Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37012">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32846">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:20:51">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-37034 ‼</strong><br><br><code>There is an Unstandardized field names in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37034">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32847">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:20:52">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-22410 ‼</strong><br><br><code>There is a XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after logging onto the client. This may compromise the normal service of the client.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22410">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32848">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:20:53">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-37019 ‼</strong><br><br><code>There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37019">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32849">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:20:54">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-39976 ‼</strong><br><br><code>There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39976">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32850">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:20:56">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-37003 ‼</strong><br><br><code>There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37003">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32851">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:20:57">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-37025 ‼</strong><br><br><code>There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37025">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32852">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:20:58">
14:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-37024 ‼</strong><br><br><code>There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37024">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32853">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:21:00">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37006 ‼</strong><br><br><code>There is a Improper Preservation of Permissions vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37006">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32854">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:21:01">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37017 ‼</strong><br><br><code>There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37017">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32855">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:21:03">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37007 ‼</strong><br><br><code>There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37007">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32856">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:21:04">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37026 ‼</strong><br><br><code>There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37026">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32857">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:21:06">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37031 ‼</strong><br><br><code>There is a Remote DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37031">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32858">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:21:07">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-20601 ‼</strong><br><br><code>Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system operation may be affected, such as malfunction.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20601">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32859">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:21:09">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37029 ‼</strong><br><br><code>There is an Identity verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37029">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32860">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:21:10">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37102 ‼</strong><br><br><code>There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. Affected product versions include: FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37102">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32861">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:21:13">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37005 ‼</strong><br><br><code>There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37005">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32862">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:21:14">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-35052 ‼</strong><br><br><code>A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35052">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32863">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:21:16">
14:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37022 ‼</strong><br><br><code>There is a Heap-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause root permission which can be escalated.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37022">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32864">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 14:34:42">
14:34
       </div>

       <div class="text">
<strong>🗓️ Microsoft unveils ‘Super Duper Secure Mode’ in latest version of Edge 🗓️</strong><br><br><code>Browser goes further to protect against bugs by disabling JIT</code><br><br><a href="https://portswigger.net/daily-swig/microsoft-unveils-super-duper-secure-mode-in-latest-version-of-edge">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32865">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 16:36:52">
16:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Holiday Scams Drive SMS Phishing Attacks 🕴</strong><br><br><code>Attackers typically target consumers with malicious text messages containing obfuscated links, but experts say businesses are threatened as well.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/holiday-scams-drive-sms-phishing-attacks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32866">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:20:52">
18:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-36333 ‼</strong><br><br><code>Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker, may potentially exploit this vulnerability, leading to an application crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36333">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32867">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:20:53">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-24812 ‼</strong><br><br><code>The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24812">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32868">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:20:54">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-21561 ‼</strong><br><br><code>Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21561">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32869">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:20:55">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-36313 ‼</strong><br><br><code>Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application&apos;s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36313">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32870">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:20:57">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-24892 ‼</strong><br><br><code>Insecure Direct Object Reference in edit function of Advanced Forms (Free &amp; Pro) before 1.6.9 allows authenticated remote attacker to change arbitrary user&apos;s email address and request for reset password, which could lead to take over of WordPress&apos;s administrator account. To exploit this vulnerability, an attacker must register to obtain a valid WordPress&apos;s user and use such user to authenticate with WordPress in order to exploit the vulnerable edit function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24892">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32871">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:20:59">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-36314 ‼</strong><br><br><code>Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary files on the end user system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36314">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32872">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:20:59">
18:20
       </div>

       <div class="text">
<strong>‼ CVE-2021-38875 ‼</strong><br><br><code>IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38875">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32873">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:21:01">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-25986 ‼</strong><br><br><code>In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25986">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32874">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:21:02">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24641 ‼</strong><br><br><code>The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24641">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32875">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:21:03">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-43019 ‼</strong><br><br><code>Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM . An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability on the product installer. User interaction is required before product installation to abuse this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43019">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32876">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:21:05">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24891 ‼</strong><br><br><code>The Elementor Website Builder WordPress plugin before 3.1.4 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24891">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32877">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:21:06">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-3672 ‼</strong><br><br><code>A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3672">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32878">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:21:07">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24830 ‼</strong><br><br><code>The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24830">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32879">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:21:08">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24700 ‼</strong><br><br><code>The Forminator WordPress plugin before 1.15.4 does not sanitize and escape the email field label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24700">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32880">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:21:10">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-36301 ‼</strong><br><br><code>Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36301">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32881">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:21:11">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-38891 ‼</strong><br><br><code>IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38891">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32882">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:21:12">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-38980 ‼</strong><br><br><code>IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212786.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38980">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32883">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:21:13">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-24875 ‼</strong><br><br><code>The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24875">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32884">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:21:15">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-31852 ‼</strong><br><br><code>A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extract of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31852">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32885">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:21:17">
18:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-36332 ‼</strong><br><br><code>Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36332">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32886">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 18:28:45">
18:28
       </div>

       <div class="text">
<strong>🦿 How to identify social media misinformation and protect your business 🦿</strong><br><br><code>Social media has become an integral part of modern communications, providing valuable information to businesses and individuals. Unfortunately, some of that information is just plain wrong or misleading.</code><br><br><a href="https://www.techrepublic.com/article/how-to-identify-social-media-misinformation-and-protect-your-business/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32887">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 19:06:58">
19:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Apple Sues NSO Group for Spyware Use 🕴</strong><br><br><code>The company seeks to hold Israeli firm NSO Group liable for the targeting of Apple users and requests a permanent injunction to ban its use of Apple products and services.</code><br><br><a href="https://www.darkreading.com/endpoint/apple-sues-israel-s-nso-group-for-spyware-use">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32888">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 19:37:00">
19:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 New Android Spyware Variants Linked to Middle Eastern APT 🕴</strong><br><br><code>The new variants, improved for stealth and persistence, share code with other malware samples attributed to the C-23 APT.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/new-android-spyware-variants-linked-to-middle-eastern-apt">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32889">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:11">
20:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2018-13951 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13951">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32890">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:12">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2018-13933 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13933">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32891">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:13">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2018-13880 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13880">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32892">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:13">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2015-9086 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9086">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32893">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:15">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2015-9080 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9080">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32894">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:19">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2018-13890 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13890">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32895">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:20">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2018-11992 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11992">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32896">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:21">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2015-9082 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9082">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32897">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:23">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2015-9117 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9117">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32898">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:24">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2015-9079 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9079">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32899">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:25">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2018-11848 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11848">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32900">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:26">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-38004 ‼</strong><br><br><code>Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38004">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32901">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:27">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2018-11839 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11839">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32902">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:29">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2018-11997 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11997">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32903">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:29">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-37998 ‼</strong><br><br><code>Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37998">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32904">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:31">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2018-13931 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13931">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32905">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:32">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2015-9076 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9076">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32906">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:33">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2021-38002 ‼</strong><br><br><code>Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38002">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32907">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:34">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2018-11896 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11896">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32908">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:21:35">
20:21
       </div>

       <div class="text">
<strong>‼ CVE-2015-9155 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9155">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32909">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:26">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2015-9078 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9078">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32910">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:28">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2018-13921 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13921">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32911">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:30">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2018-11957 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11957">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32912">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:32">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2018-13883 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13883">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32913">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:34">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2017-8232 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8232">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32914">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:35">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2018-13950 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13950">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32915">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:37">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2018-13957 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13957">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32916">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:38">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2018-13881 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13881">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32917">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:39">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2018-13956 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13956">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32918">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:42">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-42784 ‼</strong><br><br><code>OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42784">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32919">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:43">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2018-13922 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13922">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32920">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:44">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2018-13949 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13949">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32921">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:45">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2018-13953 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13953">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32922">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:46">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2015-9121 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9121">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32923">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:48">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2018-13965 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13965">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32924">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:49">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2018-11885 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11885">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32925">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:50">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2018-13964 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13964">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32926">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:51">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2018-12008 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12008">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32927">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:52">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2018-11900 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11900">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32928">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:29:53">
20:29
       </div>

       <div class="text">
<strong>‼ CVE-2015-9092 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9092">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32929">

      <div class="body">

       <div class="pull_right date details" title="23.11.2021 20:37:08">
20:37
       </div>

       <div class="text">
<strong>🕴 Baffle&apos;s Data Privacy Cloud Protects Data for Amazon Redshift Customers 🕴</strong><br><br><code>Amazon Redshift customers can use Baffle’s Data Privacy Cloud to secure the data pipeline as source data is migrated to Redshift and used for data analytics.</code><br><br><a href="https://www.darkreading.com/dr-tech/baffle-data-privacy-cloud-protects-data-for-amazon-redshift-customers">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-962">

      <div class="body details">
24 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32930">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 10:26:46">
10:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44140 ‼</strong><br><br><code>Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44140">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32931">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 10:26:47">
10:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-40369 ‼</strong><br><br><code>A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim&apos;s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40369">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32932">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 11:06:28">
11:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ VMware addresses SSRF, arbitrary file read flaws in vCenter Server 🗓️</strong><br><br><code>‘Important’ severity flaws both reside in the vSphere Web Client</code><br><br><a href="https://portswigger.net/daily-swig/vmware-addresses-ssrf-arbitrary-file-read-flaws-in-vcenter-server">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32933">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 11:21:22">
11:21
       </div>

       <div class="text">
<strong>❌ Attackers Actively Target Windows Installer Zero-Day ❌</strong><br><br><code>Researcher discovered a “more powerful” variant of an elevation-of-privilege flaw for which Microsoft released a botched patch earlier this month.</code><br><br><a href="https://threatpost.com/attackers-target-windows-installer-bug/176558/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32934">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 11:34:43">
11:34
       </div>

       <div class="text">
<strong>🗓️ Cyberstalking study: UK residents most accepting of spyware to track partners’ movements 🗓️</strong><br><br><code>Report from cybersecurity firm Kaspersky reveals worrying attitudes towards spyware usage</code><br><br><a href="https://portswigger.net/daily-swig/cyberstalking-study-uk-residents-most-accepting-of-spyware-to-track-partners-movements">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32935">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 12:08:05">
12:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 When Will Security Frameworks Catch Up With the New Cybersecurity Normal? 🕴</strong><br><br><code>Standards need to reflect that most endpoints will be remote and/or wireless.</code><br><br><a href="https://www.darkreading.com/endpoint/when-will-security-frameworks-catch-up-with-the-new-cybersecurity-normal-">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32936">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 12:59:12">
12:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 DG Insights to Help Leaders Assess DLP Effectiveness 🔏</strong><br><br><code>Digital Guardian&apos;s Managed Security Program customers can now receive a weekly email that gives further insight into their organization&apos;s data movement.</code><br><br><a href="https://digitalguardian.com/blog/dg-insights-help-leaders-assess-dlp-effectiveness">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32937">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 12:59:13">
12:59
       </div>

       <div class="text">
<strong>🦿 Apple needs to un-Mac-ify security and privacy in Safari 🦿</strong><br><br><code>Safari is a good browser, but it could be better. Unfortunately, one area that requires improvement is the un-Mac-ifying of the privacy settings. Find out what Jack Wallen means by this.</code><br><br><a href="https://www.techrepublic.com/article/apple-needs-to-un-mac-ify-security-and-privacy-in-safari/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32938">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 13:05:14">
13:05
       </div>

       <div class="text">
<strong>🗓️ Decrypting diversity: One in five UK infosec professionals say they’ve experienced discrimination at work 🗓️</strong><br><br><code>Report states diversity and inclusion within the industry is lagging behind</code><br><br><a href="https://portswigger.net/daily-swig/decrypting-diversity-one-in-five-uk-infosec-professionals-say-theyve-experienced-discrimination-at-work">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32939">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 13:22:21">
13:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Apple’s NSO Group Lawsuit Amps Up Pressure on Pegasus Spyware-Maker ❌</strong><br><br><code>Just weeks after a judge ruled that NSO Group did not have immunity in a suit brought by Facebook subsidiary WhatsApp, Apple is adding significant weight to the company&apos;s woes.</code><br><br><a href="https://threatpost.com/apple-nso-lawsuit-pegasus-spyware/176565/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32940">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 13:22:22">
13:22
       </div>

       <div class="text">
<strong>❌ GoDaddy Breach Widens to Include Reseller Subsidiaries ❌</strong><br><br><code>Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen.</code><br><br><a href="https://threatpost.com/godaddy-breach-widens-reseller-subsidiaries/176575/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32941">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 13:57:11">
13:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 GNU Privacy Guard 2.2.33 🛠</strong><br><br><code>GnuPG (the GNU Privacy Guard or GPG) is GNU&apos;s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.</code><br><br><a href="https://packetstormsecurity.com/files/165072/gnupg-2.2.33.tar.bz2">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32942">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 13:57:11">
13:57
       </div>

       <div class="text">
<strong>⚠ GoDaddy admits to password breach: check your Managed WordPress site! ⚠</strong><br><br><code>GoDaddy found crooks in its network, and kicked them out - but not before they&apos;d been in there for six weeks.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/23/godaddy-admits-to-password-breach-check-your-managed-wordpress-site/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32943">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 13:57:13">
13:57
       </div>

       <div class="text">
<strong>⚠ Check your patches – public exploit now out for critical Exchange bug ⚠</strong><br><br><code>It was a zero-day bug until Patch Tuesday, now there&apos;s an anyone-can-use-it exploit. Don&apos;t be the one who hasn&apos;t patched.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/23/check-your-patches-public-exploit-now-out-for-critical-exchange-bug/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32944">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:26:56">
14:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-20840 ‼</strong><br><br><code>Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20840">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32945">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:26:58">
14:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-20843 ‼</strong><br><br><code>Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20843">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32946">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:26:59">
14:26
       </div>

       <div class="text">
<strong>‼ CVE-2021-3554 ‼</strong><br><br><code>Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3554">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32947">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:27:00">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-20845 ‼</strong><br><br><code>Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to v8.2 allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operation via a specially crafted web page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20845">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32948">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:27:01">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-43780 ‼</strong><br><br><code>Redash is a package for data visualization and sharing. In versions 10.0 and priorm the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a URL-loading data source is enabled. As of time of publication, the `master` and `release/10.x.x` branches address this by applying the Advocate library for making http requests instead of the requests library directly. Users should upgrade to version 10.0.1 to receive this patch. There are a few workarounds for mitigating the vulnerability without upgrading. One can disable the vulnerable data sources entirely, by adding the following env variable to one&apos;s configuration, making them unavailable inside the webapp. One can switch any data source of certain types (viewable in the GitHub Security Advisory) to be `View Only` for all groups on the Settings &gt; Groups &gt; Data Sources screen. For users unable to update an admin may modify Redash&apos;s configuration through environment variables to mitigate this issue. Depending on the version of Redash, an admin may also need to run a CLI command to re-encrypt some fields in the database. The `master` and `release/10.x.x` branches as of time of publication have removed the default value for `REDASH_COOKIE_SECRET`. All future releases will also require this to be set explicitly. For existing installations, one will need to ensure that explicit values are set for the `REDASH_COOKIE_SECRET` and `REDASH_SECRET_KEY `variables.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43780">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32949">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:27:03">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-32037 ‼</strong><br><br><code>An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32037">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32950">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:27:05">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-20848 ‼</strong><br><br><code>Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 allows a remote attacker to inject an arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20848">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32951">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:27:06">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-20844 ‼</strong><br><br><code>Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20844">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32952">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:27:07">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-20841 ‼</strong><br><br><code>Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20841">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32953">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:27:08">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-20846 ‼</strong><br><br><code>Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20846">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32954">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:27:10">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-20835 ‼</strong><br><br><code>Improper authorization in handler for custom URL scheme vulnerability in Android App &apos;Mercari (Merpay) - Marketplace and Mobile Payments App&apos; (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari account&apos;s access token being obtained.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20835">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32955">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:27:11">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-31822 ‼</strong><br><br><code>When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31822">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32956">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:27:12">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-41192 ‼</strong><br><br><code>Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value. This issue only affects installations where the `REDASH_COOKIE_SECRET or REDASH_SECRET_KEY` environment variables have not been explicitly set. This issue does not affect users of the official Redash cloud images, Redash&apos;s Digital Ocean marketplace droplets, or the scripts in the `getredash/setup` repository. These instances automatically generate unique secret keys during installation. One can verify whether one&apos;s instance is affected by checking the value of the `REDASH_COOKIE_SECRET` environment variable. If it is `c292a0a3aa32397cdb050e233733900f`, should follow the steps to secure the instance, outlined in the GitHub Security Advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41192">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32957">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:27:13">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-3553 ‼</strong><br><br><code>A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3553">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32958">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:27:15">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-3552 ‼</strong><br><br><code>A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3552">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32959">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:27:16">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-20850 ‼</strong><br><br><code>PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS command via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20850">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32960">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:27:17">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-43777 ‼</strong><br><br><code>Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to redirect the user to after login. The `state` parameter should be used for a Cross-Site Request Forgery (CSRF) token, not a static and easily predicted value. This vulnerability does not affect users who do not use Google Login for their instance of Redash. A patch in the `master` and `release/10.x.x` branches addresses this by replacing `Flask-Oauthlib` with `Authlib` which automatically provides and validates a CSRF token for the state variable. The new implementation stores the next URL on the user session object. As a workaround, one may disable Google Login to mitigate the vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43777">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32961">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:27:18">
14:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-20842 ‼</strong><br><br><code>Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20842">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32962">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 14:51:24">
14:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ 9.3M+ Androids Running ‘Malicious’ Games from Huawei AppGallery ❌</strong><br><br><code>A new trojan called Android.Cynos.7.origin, designed to collect Android users’ device data and phone numbers, was found in 190 games installed on over 9M Android devices.</code><br><br><a href="https://threatpost.com/9m-androids-malware-games-huawei-appgallery/176581/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32963">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 15:26:54">
15:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ US government securities watchdog spoofed by investment scammers – don’t fall for it! ⚠</strong><br><br><code>Those numbers that show up on your phone to tell you who&apos;s calling? Treat them as SUGGESTIONS, never as PROOF.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/24/us-government-securities-watchdog-spoofed-by-investment-scammers-dont-fall-for-it/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32964">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 15:38:35">
15:38
       </div>

       <div class="text">
<strong>🕴 In Appreciation: Dark Reading&apos;s Tim Wilson 🕴</strong><br><br><code>Dark Reading co-founder and editor-in-chief Tim Wilson passed away on Nov. 23.</code><br><br><a href="https://www.darkreading.com/careers-and-people/in-appreciation-tim-wilson">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32965">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 16:27:02">
16:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43268 ‼</strong><br><br><code>An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43268">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32966">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 16:27:03">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-34424 ‼</strong><br><br><code>A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI before version 5.8.4, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product&apos;s memory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34424">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32967">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 16:27:04">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-22049 ‼</strong><br><br><code>The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22049">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32968">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 16:27:05">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-21980 ‼</strong><br><br><code>The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21980">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32969">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 16:27:07">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-34423 ‼</strong><br><br><code>A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI before version 5.8.4, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34423">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32970">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 16:27:09">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-36917 ‼</strong><br><br><code>WordPress Hide My WP plugin (versions &lt;= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36917">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32971">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 16:27:10">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-36916 ‼</strong><br><br><code>The SQL injection vulnerability in the Hide My WP WordPress plugin (versions &lt;= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function &quot;hmwp_get_user_ip&quot; tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as &quot;X-Forwarded-For.&quot; As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36916">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32972">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 16:27:11">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-38873 ‼</strong><br><br><code>IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38873">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32973">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 18:08:28">
18:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How Threat Actors Get into OT Systems 🕴</strong><br><br><code>The convergence and integration of OT and IT has resulted in a growing number of cyber risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems.</code><br><br><a href="https://www.darkreading.com/edge-articles/how-threat-actors-get-into-ot-systems">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32974">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 18:27:40">
18:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-41267 ‼</strong><br><br><code>Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the &quot;trusted_headers&quot; allowed list are ignored and protect users from &quot;Cache poisoning&quot; attacks. In Symfony 5.2, maintainers added support for the `X-Forwarded-Prefix` headers, but this header was accessible in SubRequest, even if it was not part of the &quot;trusted_headers&quot; allowed list. An attacker could leverage this opportunity to forge requests containing a `X-Forwarded-Prefix` header, leading to a web cache poisoning issue. Versions 5.3.12 and later have a patch to ensure that the `X-Forwarded-Prefix` header is not forwarded to subrequests when it is not trusted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41267">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32975">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 18:27:41">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-41270 ‼</strong><br><br><code>Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula injection. In Symfony 4.1, maintainers added the opt-in `csv_escape_formulas` option in the `CsvEncoder`, to prefix all cells starting with `=`, `+`, `-` or `@` with a tab `\t`. Since then, OWASP added 2 chars in that list: Tab (0x09) and Carriage return (0x0D). This makes the previous prefix char (Tab `\t`) part of the vulnerable characters, and OWASP suggests using the single quote `&apos;` for prefixing the value. Starting with versions 4.4.34 and 5.3.12, Symfony now follows the OWASP recommendations and uses the single quote `&apos;` to prefix formulas and add the prefix to cells starting by `\t`, `\r` as well as `=`, `+`, `-` and `@`.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41270">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32976">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 18:27:41">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-41268 ‼</strong><br><br><code>Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie in version 5.3.0, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to login once and get a valid remember me cookie. Starting with version 5.3.12, Symfony makes the password part of the signature by default. In that way, when the password changes, then the cookie is not valid anymore.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41268">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32977">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 18:27:42">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-43778 ‼</strong><br><br><code>Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43778">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32978">

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 18:27:43">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2021-22957 ‼</strong><br><br><code>A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account.This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22957">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32979">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2021 22:27:43">
22:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44219 ‼</strong><br><br><code>Gin-Vue-Admin before 2.4.6 mishandles a SQL database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44219">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-963">

      <div class="body details">
25 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32980">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2021 03:30:11">
03:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Get 1,000 hours of cybersecurity training for $21 this Black Friday 🦿</strong><br><br><code>Stay up to date for a lifetime with this cybersecurity training bundle with more than 1,000 hours of instruction.</code><br><br><a href="https://www.techrepublic.com/article/get-1000-hours-of-cybersecurity-training-for-21-this-black-friday/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32981">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2021 09:35:10">
09:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Data breach at New Mexico healthcare business impacts 62,000 state residents 🗓️</strong><br><br><code>True Health New Mexico was hit by a cyber-attack in October</code><br><br><a href="https://portswigger.net/daily-swig/data-breach-at-new-mexico-healthcare-business-impacts-62-000-state-residents">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32982">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2021 09:57:15">
09:57
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast] ⚠</strong><br><br><code>Latest episode - listen now! Solid cybersecurity advice in plain English.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/25/s3-ep60-exchange-exploit-godaddy-breach-and-cookies-made-public-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32983">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2021 11:05:13">
11:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ WordPress security plugin Hide My WP addresses SQL injection, deactivation flaws 🗓️</strong><br><br><code>Bugs deemed ‘very easy to exploit as they require no prerequisites’</code><br><br><a href="https://portswigger.net/daily-swig/wordpress-security-plugin-hide-my-wp-addresses-sql-injection-deactivation-flaws">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32984">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2021 13:22:04">
13:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ New Twists on Gift-Card Scams Flourish on Black Friday ❌</strong><br><br><code>Fake merchandise and crypto jacking are among the new ways cybercriminals will try to defraud people flocking online for Black Friday and Cyber Monday.</code><br><br><a href="https://threatpost.com/new-twists-on-gift-card-scams-flourish-on-black-friday/176593/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32985">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2021 14:05:16">
14:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ New differential fuzzing tool reveals novel HTTP request smuggling techniques 🗓️</strong><br><br><code>White paper systematically examines the attack while showcasing a ‘laundry list’ of new flaws</code><br><br><a href="https://portswigger.net/daily-swig/new-differential-fuzzing-tool-reveals-novel-http-request-smuggling-techniques">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32986">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2021 14:28:33">
14:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44223 ‼</strong><br><br><code>WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44223">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32987">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2021 22:30:22">
22:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44225 ‼</strong><br><br><code>In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44225">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-964">

      <div class="body details">
26 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message32988">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 08:35:37">
08:35
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Maritime giant Swire Pacific Offshore suffers data breach following cyber-attack 🗓️</strong><br><br><code>Organization said it suffered ‘unauthorized access’ to systems</code><br><br><a href="https://portswigger.net/daily-swig/maritime-giant-swire-pacific-offshore-suffers-data-breach-following-cyber-attack">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32989">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 11:05:41">
11:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Microsoft pushes ahead with controversial ‘buy now, pay later’ feature for Edge browser 🗓️</strong><br><br><code>‘It’s like you’re recapitulating the worst IE browser extensions and installing them by default’, grumbles one user</code><br><br><a href="https://portswigger.net/daily-swig/microsoft-pushes-ahead-with-controversial-buy-now-pay-later-feature-for-edge-browser">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32990">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 12:29:49">
12:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-38686 ‼</strong><br><br><code>An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38686">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32991">

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 12:29:50">
12:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-38685 ‼</strong><br><br><code>A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38685">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32992">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 13:05:44">
13:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Ukrainian police expose international phone-hacking gang 🗓️</strong><br><br><code>‘Phoenix’ group laid low following seizure of computing equipment and stolen devices</code><br><br><a href="https://portswigger.net/daily-swig/ukrainian-police-expose-international-phone-hacking-gang">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32993">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 13:27:43">
13:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast] ⚠</strong><br><br><code>Latest episode - listen now! Solid cybersecurity advice in plain English.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/25/s3-ep60-exchange-exploit-godaddy-breach-and-cookies-made-public-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32994">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 14:29:42">
14:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-36807 ‼</strong><br><br><code>An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36807">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32995">

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 14:29:43">
14:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-25269 ‼</strong><br><br><code>A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos Intercept X Advanced for Server before version 2.0.23, as well as Sophos Exploit Prevention before version 3.8.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25269">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32996">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 15:27:47">
15:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Cloud Security: Don’t wait until your next bill to find out about an attack! ⚠</strong><br><br><code>Cloud security is the best sort of altruism: you need to do it to protect yourself, but you help to protect everyone else at the same time.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/26/cloud-security-dont-wait-until-your-next-bill-to-find-out-about-an-attack/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message32997">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 16:25:21">
16:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>♟️ The Internet is Held Together With Spit &amp; Baling Wire ♟️</strong><br><br><code>Imagine being able to disconnect or redirect Internet traffic destined for some of the world&apos;s largest companies -- just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the world&apos;s largest Internet backbones.</code><br><br><a href="https://krebsonsecurity.com/2021/11/the-internet-is-held-together-with-spit-baling-wire/">📖 Read</a><br><br>via &quot;<em>Krebs on Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32998">

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 16:29:49">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-36843 ‼</strong><br><br><code>Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions &lt;= 4.3.5) Social Media Configuration form. Requires high role user like admin.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36843">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message32999">

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 16:29:51">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-41279 ‼</strong><br><br><code>BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41279">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33000">

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 16:29:53">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-35533 ‼</strong><br><br><code>Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35533">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33001">

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 16:29:55">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-40833 ‼</strong><br><br><code>A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40833">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33002">

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 16:29:56">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2020-7881 ‼</strong><br><br><code>The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by &quot;FanTicket&quot; field. It is because of stored data without validation of length.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7881">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33003">

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 16:29:58">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-26615 ‼</strong><br><br><code>ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26615">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33004">

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 16:29:59">
16:29
       </div>

       <div class="text">
<strong>‼ CVE-2021-41243 ‼</strong><br><br><code>There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41243">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33005">

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 16:30:02">
16:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-26611 ‼</strong><br><br><code>HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera.(reboot, factory reset, snapshot etc..)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26611">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33006">

      <div class="body">

       <div class="pull_right date details" title="26.11.2021 16:30:06">
16:30
       </div>

       <div class="text">
<strong>‼ CVE-2021-36919 ‼</strong><br><br><code>Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions &lt;= 6.0.6), vulnerable parameters (&amp;id, &amp;assignee).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36919">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-965">

      <div class="body details">
27 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33007">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.11.2021 03:30:47">
03:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Learn in-demand ethical hacking skills in your own time for $11 during this Black Friday sale 🦿</strong><br><br><code>Even if you have no prior tech experience at all and are working full-time, you can qualify for a well-paid career in the tech industry by developing the skills found in these 10 self-paced courses.</code><br><br><a href="https://www.techrepublic.com/article/learn-in-demand-ethical-hacking-skills-in-your-own-time-for-11-during-this-black-friday-sale/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33008">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.11.2021 05:30:37">
05:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Get lifetime VPN security and privacy for just $20 during this Black Friday sale 🦿</strong><br><br><code>You will never again need to worry about your anonymity or sensitive personal data online when the best VPN service offers a lifetime of powerful protection.</code><br><br><a href="https://www.techrepublic.com/article/get-lifetime-vpn-security-and-privacy-for-just-20-during-this-black-friday-sale/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-966">

      <div class="body details">
28 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33009">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.11.2021 03:12:10">
03:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Become a cybersecurity analyst for just $9 🦿</strong><br><br><code>You&apos;ll never get a better deal on self-paced courses that can teach you the skills necessary to become a cybersecurity analyst, so start training now and switch to a new career in 2022.</code><br><br><a href="https://www.techrepublic.com/article/become-a-cybersecurity-analyst-for-just-9/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-967">

      <div class="body details">
29 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33010">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:02">
08:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2017-20008 ‼</strong><br><br><code>The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-20008">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33011">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:03">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2019-8921 ‼</strong><br><br><code>An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8921">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33012">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:05">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2019-8922 ‼</strong><br><br><code>A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn&apos;t any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8922">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33013">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:06">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-24915 ‼</strong><br><br><code>The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24915">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33014">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:06">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-24883 ‼</strong><br><br><code>The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24883">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33015">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:07">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-24768 ‼</strong><br><br><code>The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24768">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33016">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:08">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-24918 ‼</strong><br><br><code>The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin&apos;s setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24918">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33017">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:09">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-24908 ‼</strong><br><br><code>The Check &amp; Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24908">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33018">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:10">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-24927 ‼</strong><br><br><code>The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24927">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33019">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:11">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-24749 ‼</strong><br><br><code>The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24749">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33020">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:15">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-24755 ‼</strong><br><br><code>The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24755">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33021">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:16">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-24889 ‼</strong><br><br><code>The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24889">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33022">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:17">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-38147 ‼</strong><br><br><code>Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38147">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33023">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:18">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-24860 ‼</strong><br><br><code>The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24860">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33024">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:19">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-21707 ‼</strong><br><br><code>In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21707">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33025">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:23">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-24751 ‼</strong><br><br><code>The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block&apos;s tagName attribute, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24751">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33026">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:24">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-24842 ‼</strong><br><br><code>The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users&apos; posts.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24842">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33027">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:25">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-24811 ‼</strong><br><br><code>The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24811">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33028">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:26">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-24876 ‼</strong><br><br><code>The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24876">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33029">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 08:33:27">
08:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-24745 ‼</strong><br><br><code>The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24745">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33030">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 09:37:21">
09:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ UK Department for Transport caught inadvertently serving pornographic content to site visitors 🗓️</strong><br><br><code>‘The page has since been permanently deleted’, a government spokesperson told The Daily Swig</code><br><br><a href="https://portswigger.net/daily-swig/uk-department-for-transport-caught-inadvertently-serving-pornographic-content-to-site-visitors">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33031">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 10:33:05">
10:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43698 ‼</strong><br><br><code>An unspecified version of phpWhois is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET[&apos;query&apos;] then there is a XSS vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43698">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33032">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 12:14:51">
12:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ Interpol arrests 1,000 suspects, seizes $27m in crackdown on cybercrime 🗓️</strong><br><br><code>Worldwide law enforcement operation targets online crime surge</code><br><br><a href="https://portswigger.net/daily-swig/interpol-arrests-1-000-suspects-seizes-27m-in-crackdown-on-cybercrime">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33033">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 12:14:52">
12:14
       </div>

       <div class="text">
<strong>🕴 Paving the Road to Zero Trust With Adaptive Authentication 🕴</strong><br><br><code>A gradual transition to a world beyond passwords predisposes zero-trust projects to success.</code><br><br><a href="https://www.darkreading.com/vulnerabilities-threats/paving-the-road-to-zero-trust-with-adaptive-authentication">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33034">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 12:14:53">
12:14
       </div>

       <div class="text">
<strong>🕴 NanoLock Security and Waterfall Security Partner to Deliver OT Security for Industrial and Energy Applications 🕴</strong><br><br><code>The solution combines NanoLock’s device-level, zero-trust protection with Waterfall’s hardware-enforced IT/OT perimeter protection to provide a powerful OT security solution that mitigates cyber events from both IT and OT networks.</code><br><br><a href="https://www.darkreading.com/operations/nanolock-security-and-waterfall-security-partner-to-deliver-ot-security-for-industrial-and-energy-applications">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33035">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 12:33:16">
12:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43696 ‼</strong><br><br><code>An unspecified version of twmap is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST then there is a XSS vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43696">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33036">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 12:33:18">
12:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-43695 ‼</strong><br><br><code>An unspecified version of issabelPBX is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, then there is a XSS vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43695">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33037">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 12:33:20">
12:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-43697 ‼</strong><br><br><code>An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET{C(&apos;VAR_JSONP_HANDLER&apos;)] then there is a XSS vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43697">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33038">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 13:01:57">
13:01
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 WFH security: How to protect your remote endpoints from vulnerabilities 🦿</strong><br><br><code>Many organizations lack an effective patch management program, especially when it comes to patching remote systems, says Action1.</code><br><br><a href="https://www.techrepublic.com/article/wfh-security-how-to-protect-your-remote-endpoints-from-vulnerabilities/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33039">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 13:29:05">
13:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Cloud Security: Don’t wait until your next bill to find out about an attack! ⚠</strong><br><br><code>Cloud security is the best sort of altruism: you need to do it to protect yourself, but you help to protect everyone else at the same time.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/26/cloud-security-dont-wait-until-your-next-bill-to-find-out-about-an-attack/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33040">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 13:54:33">
13:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Shape-Shifting ‘Tardigrade’ Malware Hits Vaccine Makers ❌</strong><br><br><code>Some security researchers say it’s actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows it’s for real a scary morphic malware that changes its parts and recompiles itself.</code><br><br><a href="https://threatpost.com/shape-shifting-tardigrade-malware-hits-vaccine-makers/176601/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33041">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 14:07:10">
14:07
       </div>

       <div class="text">
<strong>🗓️ Italian police crack down on fake Covid-19 vaccination passes 🗓️</strong><br><br><code>Underground trade conducted over Telegram</code><br><br><a href="https://portswigger.net/daily-swig/italian-police-crack-down-on-fake-covid-19-vaccination-passes">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33042">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 14:36:23">
14:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3802 ‼</strong><br><br><code>A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3802">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33043">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 14:36:24">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-43691 ‼</strong><br><br><code>An unspecified version of tripexpress is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src is coming from $_SERVER[&quot;argv&quot;] then there is a path manipulation vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43691">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33044">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 14:36:25">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-39995 ‼</strong><br><br><code>Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280_TD V100R005C10; eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39995">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33045">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 14:36:27">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-43692 ‼</strong><br><br><code>An unspecified version of youtube-php-mirroring is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43692">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33046">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 14:36:29">
14:36
       </div>

       <div class="text">
<strong>‼ CVE-2021-43693 ‼</strong><br><br><code>vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43693">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33047">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 14:56:12">
14:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Unpatched Windows Zero-Day Allows Privileged File Access ❌</strong><br><br><code>A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.</code><br><br><a href="https://threatpost.com/unpatched-windows-zero-day-privileged-file-access/176609/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33048">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 15:26:17">
15:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 OpenStego Free Steganography Solution 0.8.2 🛠</strong><br><br><code>OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).</code><br><br><a href="https://packetstormsecurity.com/files/165097/openstego-0.8.2.zip">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33049">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 16:24:36">
16:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ ScarCruft APT Mounts Desktop/Mobile Double-Pronged Spy Attacks ❌</strong><br><br><code>The North Korea-linked group is deploying the Chinotto spyware backdoor against dissidents, journalists and other politically relevant individuals in South Korea.</code><br><br><a href="https://threatpost.com/scarcruft-apt-desktop-mobile-attacks/176620/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33050">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 17:32:41">
17:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 U.S. Issues Guidance to Protect Critical, Emerging Tech from Hacks 🔏</strong><br><br><code>The guidance applies to companies who work in semiconductors, quantum computing, the bioeconomy, and AI.</code><br><br><a href="https://digitalguardian.com/blog/us-issues-guidance-protect-critical-emerging-tech-hacks">📖 Read</a><br><br>via &quot;&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33051">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:24:38">
18:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ IKEA Hit by Email Reply-Chain Cyberattack ❌</strong><br><br><code>IKEA, king of furniture-in-a-flat-box, warned employees on Friday that an ongoing cyberattack was using internal emails to malspam malicious links in active email threads.</code><br><br><a href="https://threatpost.com/ikea-email-reply-chain-attack/176625/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33052">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:24:40">
18:24
       </div>

       <div class="text">
<strong>❌ Researchers Flag 300K Banking Trojan Infections from Google Play in 4 Months ❌</strong><br><br><code>Attackers are honing Google Play dropper campaigns, overcoming app store restrictions.</code><br><br><a href="https://threatpost.com/banking-trojan-infections-google-play/176630/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33053">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:33:31">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-43783 ‼</strong><br><br><code>@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situation also be exploited through user input when executing a template, meaning you do not need write access to the templates. This method will not allow the attacker to control the contents of the injected file however, unless the template is also crafted in a specific way that gives control of the file contents. This vulnerability is fixed in version `0.15.14` of the `@backstage/plugin-scaffolder-backend`. This attack is mitigated by restricting access and requiring reviews when registering or modifying scaffolder templates.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43783">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33054">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:33:32">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-43787 ‼</strong><br><br><code>Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43787">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33055">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:33:33">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-42358 ‼</strong><br><br><code>The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42358">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33056">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:33:34">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-43788 ‼</strong><br><br><code>Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43788">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33057">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:33:35">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-44198 ‼</strong><br><br><code>DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44198">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33058">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:33:36">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-44199 ‼</strong><br><br><code>DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44199">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33059">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:33:37">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-34800 ‼</strong><br><br><code>Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34800">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33060">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:33:38">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-44201 ‼</strong><br><br><code>Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44201">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33061">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:33:39">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-42365 ‼</strong><br><br><code>The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42365">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33062">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:33:40">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-44203 ‼</strong><br><br><code>Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44203">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33063">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:33:42">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-44200 ‼</strong><br><br><code>Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44200">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33064">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:33:42">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-43786 ‼</strong><br><br><code>Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patch as of v1.18.5. Users are advised to upgrade as soon as possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43786">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33065">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:33:44">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-42364 ‼</strong><br><br><code>The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42364">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33066">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:33:45">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2021-44202 ‼</strong><br><br><code>Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44202">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33067">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 18:44:52">
18:44
       </div>

       <div class="text">
<strong>🕴 Panasonic Hit in Data Breach 🕴</strong><br><br><code>Tech firm reveals that data on one of its file servers was accessed by attackers.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/panasonic-hit-in-data-breach">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33068">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 19:14:53">
19:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Over 1,000 Individuals Arrested in Global Cybercrime-Fighting Operation 🕴</strong><br><br><code>HAECHI-II initiative represents Interpol&apos;s stepped-up efforts to tackle the operators of financially motivated online scams and other cyberattacks.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/over-1-000-individuals-arrested-in-international-cybercrime-fighting-operation">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33069">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 19:44:57">
19:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Google Analyzes Methods Behind GCP Workload Attacks 🕴</strong><br><br><code>The vast majority of cloud workload compromises stem from poor security configurations or compromised passwords, while cryptojacking is the common payload, research shows.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/google-analyzes-methods-behind-gcp-workload-attacks">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33070">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 19:44:58">
19:44
       </div>

       <div class="text">
<strong>🕴 IKEA Email Systems Targeted in Cyberattack 🕴</strong><br><br><code>Attackers are reportedly targeting IKEA employees in a phishing campaign that leverages stolen reply-chain emails.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/ikea-email-systems-targeted-in-cyberattack">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33071">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 19:44:59">
19:44
       </div>

       <div class="text">
<strong>🕴 Phishing Remains the Most Common Cause of Data Breaches, Survey Says 🕴</strong><br><br><code>Despite heightened concerns over ransomware, fewer organizations in a Dark Reading survey reported being an actual victim of a ransomware attack over the past year.</code><br><br><a href="https://www.darkreading.com/edge-threat-monitor/phishing-remains-the-most-common-cause-of-data-breaches-survey-says">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33072">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 20:14:55">
20:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 9 out of 10 Healthcare Organizations Provide Telehealth Services, Yet Almost Half Face Patients&apos; Mistrust Toward Privacy 🕴</strong><br><br><code>Kaspersky surveyed healthcare decision-makers to learn how the digital transformation of the industry is going and which problems they believe should be solved to create a world in which everyone can gain access to quality care.</code><br><br><a href="https://www.darkreading.com/endpoint/9-out-of-10-healthcare-organizations-provide-telehealth-services-yet-almost-half-face-patients-mistrust-toward-privacy">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33073">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 20:33:35">
20:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-44427 ‼</strong><br><br><code>An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44427">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33074">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 20:45:24">
20:45
       </div>

       <div class="text">
<strong>🕴 Armis Now Valued at $3.4B 🕴</strong><br><br><code>One Equity Partners led the $300 million round, increasing the valuation of Armis from the $2 billion valuation it achieved less than 8 months ago.</code><br><br><a href="https://www.darkreading.com/perimeter/armis-now-valued-at-3-4b">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33075">

      <div class="body">

       <div class="pull_right date details" title="29.11.2021 20:45:26">
20:45
       </div>

       <div class="text">
<strong>🕴 Stellar Cyber Raises $38M Series B to Address Need to Provide 360-Degree Visibility Across Entire Attack Surface 🕴</strong><br><br><code>Oversubscribed round, including Samsung, rewards technical innovations and rapid market adoption, positions company for continued leadership.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/stellar-cyber-raises-38m-series-b-to-address-need-to-provide-360-degree-visibility-across-entire-attack-surface">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-968">

      <div class="body details">
30 November 2021
      </div>

     </div>

     <div class="message default clearfix" id="message33076">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 08:34:09">
08:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-3727 ‼</strong><br><br><code># Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they&apos;re an external API, it&apos;s not possible to know if the quotes are safe to use. **Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432). **Impacted areas**: - `rand-quote` plugin (`quote` function). - `hitokoto` plugin (`hitokoto` function).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3727">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33077">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 08:34:10">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-3769 ‼</strong><br><br><code># Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited. **Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Impacted areas**: - `pygmalion` theme. - `pygmalion-virtualenv` theme. - `refined` theme.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3769">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33078">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 08:34:11">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-3725 ‼</strong><br><br><code>Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: - Functions pop_past and pop_future in dirhistory plugin.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3725">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33079">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 08:34:12">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-3726 ‼</strong><br><br><code># Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. **Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Impacted areas**: - `title` function in `lib/termsupport.zsh`. - Custom user code using the `title` function.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3726">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33080">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 10:37:17">
10:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🗓️ HP printer vulnerabilities left enterprise networks open to abuse via ‘cross-site printing’ attack 🗓️</strong><br><br><code>Hardware hacking technique gets points for innovation, although some degree of social engineering is required</code><br><br><a href="https://portswigger.net/daily-swig/hp-printer-vulnerabilities-left-enterprise-networks-open-to-abuse-via-cross-site-printing-nbsp-attack">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33081">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 11:04:08">
11:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Cisco releases Shared Signals and Events reference document to solve &quot;head on a swivel&quot; problem 🦿</strong><br><br><code>Security standard could improve interoperability among security vendors and expand support for zero trust approach to security.</code><br><br><a href="https://www.techrepublic.com/article/cisco-releases-shared-signals-and-events-reference-document-to-solve-head-on-a-swivel-problem/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33082">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 11:25:15">
11:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Yanluowang Ransomware Tied to Thieflock Threat Actor ❌</strong><br><br><code>Links between the tactics and tools demonstrated in attacks suggest a former affiliate has switched loyalties, according to new research.</code><br><br><a href="https://threatpost.com/yanluowang-ransomware-thieflock-threat-actor/176640/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33083">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 11:37:43">
11:37
       </div>

       <div class="text">
<strong>🗓️ Panasonic admits data breach after attackers gain access to file server 🗓️</strong><br><br><code>Reports suggest that intrusion may have persisted for months</code><br><br><a href="https://portswigger.net/daily-swig/panasonic-admits-data-breach-after-attackers-gain-access-to-file-server">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33084">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 12:03:06">
12:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Stegano 0.10.1 🛠</strong><br><br><code>Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.</code><br><br><a href="https://packetstormsecurity.com/files/165102/Stegano-0.10.1.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33085">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 12:03:07">
12:03
       </div>

       <div class="text">
<strong>🛠 Wapiti Web Application Vulnerability Scanner 3.0.8 🛠</strong><br><br><code>Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.</code><br><br><a href="https://packetstormsecurity.com/files/165103/wapiti3-3.0.8.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33086">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 12:16:08">
12:16
       </div>

       <div class="text">
<strong>🕴 Finding Your Niche in Cybersecurity 🕴</strong><br><br><code>With a little patience and research, you can discover a role you love that also protects those around you.</code><br><br><a href="https://www.darkreading.com/careers-and-people/finding-your-niche-in-cybersecurity">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33087">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 12:29:20">
12:29
       </div>

       <div class="text">
<strong>⚠ Controversial face matchers Clearview set to be fined over $20m ⚠</strong><br><br><code>Scraping data for a facial recognition service? &quot;That&apos;s unlawful&quot;, concluded both the British and the Australians.</code><br><br><a href="https://nakedsecurity.sophos.com/2021/11/30/controversial-face-matchers-clearview-set-to-be-fined-over-20m/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33088">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 12:34:40">
12:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-41679 ‼</strong><br><br><code>A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41679">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33089">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 12:34:41">
12:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-41677 ‼</strong><br><br><code>A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &amp;Grade= parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41677">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33090">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 12:34:42">
12:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-25987 ‼</strong><br><br><code>Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “bodyâ€� and “tagsâ€� don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25987">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33091">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 12:34:43">
12:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-41678 ‼</strong><br><br><code>A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41678">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33092">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 13:15:56">
13:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Ransomware vs. Cities: A Cyber War 🕴</strong><br><br><code>As smart cities become the new normal for urban living, they must be resilient against the speed and sophistication of modern cyber threats.</code><br><br><a href="https://www.darkreading.com/dr-tech/ransomware-vs-cities-a-cyber-war">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33093">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:02:43">
14:02
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Become an ethical hacker for just $13 during this Cyber Week sale 🦿</strong><br><br><code>Now you can learn everything you need to become a master ethical hacker without having to take time away from your current job.</code><br><br><a href="https://www.techrepublic.com/article/become-an-ethical-hacker-for-just-13/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message33094">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:34:25">
14:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2021-43202 ‼</strong><br><br><code>In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43202">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33095">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:34:26">
14:34
       </div>

       <div class="text">
<strong>‼ CVE-2021-43998 ‼</strong><br><br><code>HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43998">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33096">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:37:39">
14:37
       </div>

       <div class="text">
<strong>🗓️ Bug Bounty Radar // The latest bug bounty programs for December 2021 🗓️</strong><br><br><code>New web targets for the discerning hacker</code><br><br><a href="https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-december-2021">📖 Read</a><br><br>via &quot;<em>The Daily Swig</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message33097">

      <div class="body">

       <div class="pull_right date details" title="30.11.2021 14:43:50">
14:43
       </div>

       <div class="text">
<strong>📢 Practicality of UK government’s cyber bill criticised by industry experts 📢</strong><br><br><code>The Product Security and Telecommunications Infrastructure (PSTI) Bill falls short in several key areas</code><br><br><a href="https://www.itpro.co.uk/business/policy-legislation/361669/practicality-of-uk-governments-cyber-bill-criticised">📖 Read</a><br><br>via &quot;<em>ITPro</em>&quot;.
       </div>

      </div>

     </div>

     <a class="pagination block_link" href="messages34.html">
Next messages
     </a>

    </div>

   </div>

  </div>

 </body>

</html>