Friday Squid Blogging: 14-foot Giant Squid Washes Ashore in Cape Town
It’s an Architeuthis dux, the second this year. As usual, you can also use this squid post to talk about the security stories in the...
Password manager LastPass reveals intrusion into development system
LastPass, maker of a popular password management application, revealed Thursday that an unauthorized party gained access to its development environment through a compromised developer account...
CVE-2021-3585
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.
CVE-2021-35939
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to...
CVE-2021-3574
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
CVE-2021-3563
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators...
CVE-2021-3427
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it's interpreted...
CVE-2021-3414
A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations...
CVE-2021-20260
A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission....
Iran-Based MuddyWater Targets Log4j 2 Vulnerabilities in SysAid Apps in Israel
It is the first campaign in which the hacker group exploits SysAid apps as a vector for initial access.