Avanan spots campaign leveraging Dynamics 365 Customer Voice
Monthly Archives: November 2022
World’s Most Expensive Observatory Floored by Cyber-Attack
Crime in the metaverse – police face new challenges in a virtual world
The metaverse is evolving, and tech giants like Meta (the firm previously known as Facebook), Microsoft, and Google are betting big that you’ll want to be a part of it.
You know who else might be keen? Criminals.
Read more in my article on the Hot for Security blog.
DSA-5270 ntfs-3g – security update
Yuchen Zeng and Eduardo Vela discovered a buffer overflow in NTFS-3G, a read-write NTFS driver for FUSE, due to incorrect validation of some of the NTFS metadata. A local user can take advantage of this flaw for local root privilege escalation.
CVE-2021-39077 (security_guardium)
“IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.”
CVE-2021-36906
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.
Mondelez and Zurich’s NotPetya cyber-attack insurance settlement leaves behind no legal precedent
Multinational food and beverage company Mondelez International and Zurich American Insurance have settled their multiyear litigation surrounding the cyberattack coverage – or lack of such coverage – following the NotPetya malware attack that damaged the Mondelez network and infrastructure. The specifics of the settlement are unknown, but that it would come mid-trial has caught everyone’s attention.
The pain was felt on June 27, 2017, when NotPetya wiped out 24,000 laptops and 1,700 servers within the Mondelez network. The malware, designed to destroy, did just that. Mondelez estimated damages would approach $100 million USD.
CVE-2021-37823 (opencart)
OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background.
CVE-2020-22820
MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.
CVE-2020-22819
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.