CISA Urges Caution for Security Researchers Targeted in Attack Campaign

Subscribe to Newsletters

Cybersecurity Risk Management FREE Event 4/22
Earn (ISC)2 CPEs at Interop Digital, April 29

More Informa Tech Live Events

White Papers

What Elite Threat Hunters See That Others Miss: Case Study

Are We Cyber-Resilient? The Key Question Every Organization Must Answer

10 Must-Have Capabilities for Stopping Malicious Automation Checklist

SANS 2021 Cyber Threat Intelligence Survey

Take Control of Security Operations with Consolidation and XDR

More White Papers

Video

All Videos

Cartoon

Post a Comment

Cartoon Archive

Current Issue

2021 Top Enterprise IT TrendsWe’ve identified the key trends that are poised to impact the IT landscape in 2021. Find out why they’re important and how they will affect you today!

Back Issues | Must Reads

Flash Poll

All Polls

How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.

Download Now!

Assessing Cybersecurity Risk in Today’s Enterprises

0 comments

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

More Reports

Twitter Feed

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14

An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.

CVE-2021-27181
PUBLISHED: 2021-04-14

An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va…

CVE-2021-27182
PUBLISHED: 2021-04-14

An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.

CVE-2021-27183
PUBLISHED: 2021-04-14

An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead…

CVE-2021-29449
PUBLISHED: 2021-04-14

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.

The post CISA Urges Caution for Security Researchers Targeted in Attack Campaign appeared first on Malware Devil.

https://malwaredevil.com/2021/04/14/cisa-urges-caution-for-security-researchers-targeted-in-attack-campaign/?utm_source=rss&utm_medium=rss&utm_campaign=cisa-urges-caution-for-security-researchers-targeted-in-attack-campaign