Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3113PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162PUBLISHED: 2021-01-15Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
User Rank: Apprentice
4/8/2017 | 7:34:58 PM
This malware, while appearing to be malicious in nature, is truly epic. No one is hurt, besides the victims pockbook/wallet, and nothing is gained from the attack. And the only true lesson learned here is this: Change the default password.
Awesome! And if buddy goes, gets new hardware and then refuses to change the password which again results in another infection and bricking of hardware again.... Sucks to be him.
What can we do? We cannot protect against stupid. Only educate and inform. We could be dictators. But then we would be no better than Microsoft was back in the day or Apple when the systems were locked down to prevent mods. So important lessons need to be learned. Always change the default password. Failure to do so will result in your own monetary loss due to your own idiocy.