Malware Devil

Wednesday, March 31, 2021

Google Updates on Campaign Targeting Security Researchers


Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2021-28994
PUBLISHED: 2021-03-31

kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.

CVE-2021-29349
PUBLISHED: 2021-03-31

Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications re…

CVE-2020-24550
PUBLISHED: 2021-03-31

An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL.

CVE-2021-27220
PUBLISHED: 2021-03-31

An issue was discovered in PRTG Network Monitor before 21.1.66.1623. By invoking the screenshot functionality with prepared context paths, an attacker is able to verify the existence of certain files on the filesystem of the PRTG’s Web server.

CVE-2021-27349
PUBLISHED: 2021-03-31

Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727.




https://malwaredevil.com/2021/03/31/google-updates-on-campaign-targeting-security-researchers-2/?utm_source=rss&utm_medium=rss&utm_campaign=google-updates-on-campaign-targeting-security-researchers-2
