🔴 Application Security Must Be Nonnegotiable 🔴
via "Dark Reading".
Companies need to keep security priorities top of mind during economic downturns so all-important revenue generation doesn't come with a heaping side order of security problems.
🔴 Fortra's Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data 🔴
via "Dark Reading".
Findings underscore that security awareness training that leverages practical, hands-on exercises is essential to creating a security-aware culture.
‼ CVE-2022-47003 ‼
via "National Vulnerability Database".
A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request.
🔴 Contrast Security Launches Alliance Program to Change the Way Customers Scale Their Security Solutions 🔴
via "Dark Reading".
The Security Innovation Alliance (SIA) empowers customers to create holistic security programs by leveraging robust end-to-end integration partnerships.
🔴 Gem Security Emerges From Stealth With $11M, Unveils Cloud TDIR Platform for Faster Response to Cloud Threats 🔴
via "Dark Reading".
Gem Security provides the world's first holistic approach for Cloud TDIR, bridging the gap between cloud complexity and security operations.
🔴 Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover 🔴
via "Dark Reading".
Two security holes, one particularly gnarly, could allow hackers the freedom to do as they wish with the popular edge equipment.
⚠ GitHub code-signing certificates stolen (but will be revoked this week) ⚠
via "Naked Security".
There was a breach, so the bad news isn't great, but the good news isn't too bad...
‼ CVE-2023-23135 ‼
via "National Vulnerability Database".
An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file.
‼ CVE-2022-48093 ‼
via "National Vulnerability Database".
Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ip.php.
‼ CVE-2023-23136 ‼
via "National Vulnerability Database".
lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php.
‼ CVE-2023-24997 ‼
via "National Vulnerability Database".
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 to solve it.
‼ CVE-2022-48094 ‼
via "National Vulnerability Database".
lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php.
🔴 Beating the Odds: 3 Challenges Women Face in the Cybersecurity Industry 🔴
via "Dark Reading".
Companies need to be aware of the work culture they foster. Diversity and inclusion aren't just buzzwords. Increasing female visibility and improving female mentoring to help women enter and advance within the cybersecurity industry are key steps forward.
‼ CVE-2023-0617 ‼
via "National Vulnerability Database".
A vulnerability was found in TRENDnet TEW-811DRU 1.0.10.0. It has been classified as critical. This affects an unknown part of the file /wireless/guestnetwork.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219957 was assigned to this vulnerability.
‼ CVE-2022-47983 ‼
via "National Vulnerability Database".
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161.
‼ CVE-2023-0618 ‼
via "National Vulnerability Database".
A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This vulnerability affects unknown code of the file cfg_op.ccp of the component Web Service. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219958 is the identifier assigned to this vulnerability.
‼ CVE-2023-22326 ‼
via "National Vulnerability Database".
In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
‼ CVE-2023-23555 ‼
via "National Vulnerability Database".
On BIG-IP Virtual Edition versions 15.1.x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
‼ CVE-2023-22340 ‼
via "National Vulnerability Database".
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
‼ CVE-2023-22839 ‼
via "National Vulnerability Database".
On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
‼ CVE-2023-22374 ‼
via "National Vulnerability Database".
In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially, execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.