# Exploit Title: SAS Environment Manager 2.5 – ‘name’ Stored Cross-Site Scripting (XSS) # Date: 24/06/2021 # Exploit Author: Luqman Hakim Zahari @ Saitamang # Vendor Homepage: https://support.sas.com/en/software/environment-manager-support.html # Version: 2.5 # Tested on: CentOS 7 # CVE : CVE-2021-35475 # Description # SAS® Environment Manager 2.5 allows XSS through the Name field…
The antivirus software entrepreneur John McAfee has been found dead in his cell in Spain from an apparent suicide, hours after the country’s highest court approved his extradition to the United States, where he was wanted on tax-related criminal charges that carry a prison sentence of up to 30 years. Catalonia’s regional police force, the…
Microsoft announced Windows 11 software version last week at a late night Microsoft event. While the stable software version has not been released yet, the company has announced a preview version of Windows 11, which users can try out currently or wait for the official release till the end of the year. The stable version…
Microsoft said an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers. The company said it had found the compromise during its response to hacks by a team it identifies as responsible for earlier major breaches at SolarWinds and Microsoft. Microsoft said…
Application Security , Biometrics , Encryption & Key Management Microsoft Promises Better ‘Zero Trust’ Capability, Passwordless Access Doug Olenick (DougOlenick) • June 25, 2021 Microsoft’s upcoming Windows 11 operating system will have new security capabilities and a new look. (Source: Microsoft) Security specialists are offering preliminary feedback on Microsoft’s sneak peek at the…
VMware this week announced the availability of patches for an authentication bypass vulnerability in VMware Carbon Black App Control (AppC) running on Windows machines. Carbon Black App Control is designed to improve the security of servers and other critical systems by locking them down to prevent unauthorized tampering. The newly addressed security hole, the company…
John McAfee, the founder and namesake of the eponymous endpoint security and antivirus software company, was found dead yesterday at the age of 75. John McAfee was found dead in a Barcelona prison cell while awaiting extradition to the United States to face charges of tax evasion. Catalan Justice Department officials have labeled the death…
Four major security vulnerabilities were discovered in the BIOSConnect feature of Dell SupportAssist. The Dell SupportAssist vulnerabilities were allowing attackers to remotely execute code within the BIOS of impacted devices. The SupportAssist software is preinstalled on most Dell devices running Windows operating system, while BIOSConnect provides remote firmware update and OS recovery features. The chain of flaws that…
A hacking group believed to be responsible for the SolarWinds breaches used access to Microsoft’s support tools via a compromised customer service agent’s computer, a breach that enabled the hackers to perform further hacks against Microsoft’s customers. Disclosed on Friday via a blog post, Microsoft confirmed its investigation into the Nobelium hacking group found “information-stealing…
Application Security , Biometrics , Encryption & Key Management Microsoft Promises Better ‘Zero Trust’ Capability, Passwordless Access Doug Olenick (DougOlenick) • June 25, 2021 Microsoft’s upcoming Windows 11 operating system will have new security capabilities and a new look. (Source: Microsoft) Security specialists are offering preliminary feedback on Microsoft’s sneak peek at the…
