Author Archives: CSIRT

Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability

Medium. Advisory ID: cisco-sa-sni-data-exfil-mFgzXqLN. First Published: 2021 August 18 16:00 GMT. Version 1.0: Interim. Workarounds: No workarounds available. Cisco Bug IDs: CSCvy50873, CSCvy64824, CSCvy76771. CVSS Score: Base 5.8. CVE-2021-34749. CWE-200. Summary: A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort […]

COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate

COVID-19-related exploitation and abuse is on the rise as vaccine data opens new frontiers for threat actors. This week, the Indiana Department of Health issued a notice that the state’s COVID-19 contact-tracing system had been exposed via a cloud misconfiguration, revealing names, emails, gender, ethnicity, race and dates of birth of more than 750,000 people. The incident shows […]

Phishing attacks increase in H1 2021, sharp jump in crypto attacks

Overall, the first half of 2021 shows a 22 percent increase in the volume of phishing attacks over the same time period last year, PhishLabs reveals. Notably, however, phishing volume in June dipped dramatically for the first time in six months, immediately following a very high volume in May. “Bad actors continue to utilize phishing to […]

ModiPwn flaw in Modicon PLCs bypasses security mechanisms

ModiPwn flaw (CVE-2021-22779) in some of Schneider Electric’s Modicon PLCs can allow attackers to bypass authentication mechanisms and take over the device. Researchers at IoT security firm Armis discovered an authentication bypass vulnerability, tracked as CVE-2021-22779 and dubbed ModiPwn, that affects some of Schneider Electric’s Modicon PLCs. The flaw can be exploited by an unauthenticated attacker […]

Adobe: Critical Flaws in Reader, Acrobat, Illustrator

Adobe has issued multiple security advisories with patches for critical vulnerabilities in a wide range of software products, including the ever-present Adobe Acrobat and Reader application. The Mountain View, Calif.-based Adobe urged Windows and macOS users to treat the PDF Reader patch with the utmost priority, because the flaws expose machines to remote code execution […]