A site for cybersecurity directives and implementation guidance, from the Cybersecurity and Infrastructure Security Agency.

VMware ESXi updates address authentication and denial of service vulnerabilities (CVE-2021-21994, CVE-2021-21995)

Advanced persistent threats pose a significant challenge for blue teams as they apply various attacks over prolonged periods, impeding event correlation and their detection. In this work, we leverage various diverse attack scenarios to assess the efficacy of EDRs against detecting and preventing APTs. Our results indicate that there is still a lot of room for improvement as state-of-the-art EDRs fail to prevent and log the bulk of the attacks that are reported in this work. Additionally, we discuss methods to tamper with the telemetry providers of EDRs, allowing an adversary to perform a more stealth attack.

SigNoz is an open-source APM. It helps developers monitor their applications & troubleshoot problems, an open-source alternative to DataDog, NewRelic, etc. 🔥 🖥.   👉  Open source Application...

We discovered two code execution vulnerabilities that affected Etherpad servers and data. Learn more about the technical details and how to avoid such coding issues.

Through the course of collaboration with trusted third parties, including Mandiant, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials. The exploitation targets a known vulnerability that has been patched in newer versions of firmware.SonicWall PSIRT strongly suggests that organizations still using 8.x firmware review the information below an

Google’s Threat Analysis Group (TAG) actively works to detect hacking attempts and influence operations to protect users from digital attacks, this includes hunting for 0-day vulnerabilities because they can be particularly dangerous when exploited and have a high rate of success.

Podman is a daemonless container engine for developing, managing, and running OCI Containers on your Linux System. In this article, we will introduce podman and how to use it with a small application build using nodejs. The app will be very simple and clean. Install Podman Podman command is the same as docker just type […]

This security advisory is written about the WooCommerce SQL Injection vulnerability. Patchstack users are safe from the vulnerability.

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition.
The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data.
Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. …

Preface (日本語版も公開されています。) Cloudflare, which runs cdnjs, is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to perform vulnerability assessments. This article describes vulnerabilities reported through this program and published with the permission of the Cloudflare security team. So this article is not intended to recommend you to perform an unauthorized vulnerability assessment. If you found any vulnerabilities in Cloudflare’s product, please report it to Cloudflare’s vulnerability disclosure program. TL;DR There was a vulnerability in the cdnjs library update server that could execute arbitrary

Biometric authentication is beginning to see rapid adoption across the enterprise as organizations look to incorporate passwordless solutions to help mitigate the numerous security risks inherent...

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

Microsoft Windows Print Spooler Point and Print allows installation of arbitrary queue-specific files

Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040

https://blog.talosintelligence.com/2021/07/vuln-spotlight-d-link.html

P.S. Thx for link @Thatskriptkid ✌️

Docker Compose is an open-source tool used by developers for orchestrating containers locally or in production. If you are new to containers, I suggest checking out the following links: Get Started with Docker A Practical Introduction to Container Terminology Using Pods with Podman on Fedora Podman with Capabilities on Fedora Podman, a powerful alternative to […]