Vesting benRevocable flag can be switched on and off by anyone and doesn't provide any additional control
Handle hyh Vulnerability details Impact Griefing attack is possible for revoke mechanics by calling vest with a tiny amount and zero isRevocable. This will switch revocable off for the whole vesting amount i.e. the whole set of timelocks flag is being set via last vest call. And vice versa,...
Schneider Electric NMC cards and Embedded Devices
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Network Management Cards NMC and NMC Embedded Devices Vulnerabilities: Cross-site Scripting, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION...
Intel® Distribution of OpenVINO™ Toolkit Advisory
Summary: A potential security vulnerability in the Intel® Distribution of OpenVINO™ Toolkit may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details CVEID: CVE-2021-33073 Description: Uncontrolled resource consumption in the...
CVE-2021-39911
An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers...
firefox security update
91.3.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 91.3.0-1 - Update to 91.3.0 build1...
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2021-2637)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4998-1] ffmpeg security update
Debian Security Advisory DSA-4998-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 31, 2021 https://www.debian.org/security/faq -...
Cyber Attack Cripples Iranian Fuel Distribution Network
An attack on the fuel distribution chain in Iran reportedly forced the shutdown of a network of filling stations Tuesday, leaving motorists stranded at pumps across the country and unable to fill up their tanks. The incident disabled government-issued electronic cards providing subsidies that man...
Cyberattack Cripples Iranian Fuel Distribution Network
An attack on the fuel distribution chain in Iran reportedly forced the shutdown of a network of filling stations Tuesday, leaving motorists stranded at pumps across the country and unable to fill up their tanks. The incident disabled government-issued electronic cards providing subsidies that man...
NewStart CGSL CORE 5.05 / MAIN 5.05 : openssl Vulnerability (NS-SA-2021-0158)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openssl packages installed that are affected by a vulnerability: - The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a...
firefox security update
91.2.0-4.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 91.2.0-4 - Disable webrender on the s390x due to wrong colors: rhbz2009503 91.2.0-3 - Update to 91.2.0...
India Releases Cybersecurity Guidelines for Power Sector
A first in the sector, the latest scheme aims to enhance cybersecurity readiness and the overall efficiency of the country’s distribution companies...
Two Eastern Europeans Sentenced for Providing Bulletproof Hosting to Cyber Criminals
Two Eastern European nationals have been sentenced in the U.S. for offering "bulletproof hosting" services to cybercriminals, who used the technical infrastructure to distribute malware and attack financial institutions across the country between 2009 to 2015. Pavel Stassi, 30, of Estonia, and...
CVE-2021-0297
A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being...
Trickbot module descriptions
Trickbot aka TrickLoader or Trickster, is a successor of the Dyre banking Trojan that was active from 2014 to 2016 and performed man-in-the-browser attacks in order to steal banking credentials. Trickbot was first discovered in October 2016. Just like Dyre, its main functionality was initially th...
TA505 Gang Is Back With Newly Polished FlawedGrace RAT
The TA505 cybercrime group is whirring its financial rip-off machinery back up, pelting malware at a range of industries in what was initially low-volume waves that researchers saw spiral up late last month. They do bad things, but they’re so tricky that tracking them is a ton of fun, said Sherro...
TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates
The cybercriminals behind the infamous TrickBot trojan have signed two additional distribution affiliates, dubbed Hive0106 aka TA551 and Hive0107 by IBM X-Force. The result? Escalating ransomware hits on corporations, especially using the Conti ransomware. The development also speaks to the...
Attackers Behind Trickbot Expanding Malware Distribution Channels
The operators behind the pernicious TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as Conti. The threat actor, tracked under the monikers ITG23 and Wizard Spider, ha...
Apache Traffic Control input validation error vulnerability
Apache Traffic Control is a distributed and scalable content distribution solution from the Apache Foundation. Apache Traffic Control Traffic Ops is vulnerable to an input validation error, which is caused when an authenticated Apache Traffic Control Traffic Ops user with portal-level privileges...