Google Updates on Campaign Targeting Security Researchers

Subscribe to Newsletters

Cybersecurity Risk Management FREE Event 4/22
Earn (ISC)2 CPEs at Interop Digital, April 29

More Informa Tech Live Events

White Papers

Threat Reconnaissance Lessons from the Private Sector for Federal & State Agencies

The Ultimate Cyber Skills Strategy Cheat Sheet

Improving Security by Moving Beyond VPN

How to Achieve Risk-Based Vulnerability Management

Take Control of Security Operations with Consolidation and XDR

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: Hey Jeff, any ideas where our WordPress site’s breadcrumbs disappeared?

Cartoon Archive

Current Issue

2021 Top Enterprise IT TrendsWe’ve identified the key trends that are poised to impact the IT landscape in 2021. Find out why they’re important and how they will affect you today!

Back Issues | Must Reads

Flash Poll

All Polls

How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.

Download Now!

Assessing Cybersecurity Risk in Today’s Enterprises

0 comments

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

More Reports

Twitter Feed

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2021-22538
PUBLISHED: 2021-03-31

A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server (versions prior to 0.23.1), allows an attacker who (1) has UserWrite permissions and (2) is using a carefully crafted request or malicious proxy, to create another user with higher privileges than the…

CVE-2021-26943
PUBLISHED: 2021-03-31

The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM (issue 3 of 3).

CVE-2021-29663
PUBLISHED: 2021-03-31

CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS). When an attacker with access to an Admin account creates a Job Title in the Site area (aka the admin/add_jobs.php name parameter), they can insert an XSS payload. This payload will execute whenever an…

CVE-2020-35308
PUBLISHED: 2021-03-31

CONQUEST DICOM SERVER before 1.5.0 has a code execution vulnerability which can be exploited by attackers to execute malicious code.

CVE-2021-29662
PUBLISHED: 2021-03-31

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

The post Google Updates on Campaign Targeting Security Researchers appeared first on Malware Devil.

https://malwaredevil.com/2021/03/31/google-updates-on-campaign-targeting-security-researchers/?utm_source=rss&utm_medium=rss&utm_campaign=google-updates-on-campaign-targeting-security-researchers