π΄ Jailbreak Trick Breaks ChatGPT Content Safeguards π΄
π Read
via "Dark Reading".
Jailbreak command creates ChatGPT alter ego DAN, willing to create content outside of its own content restriction controls.π Read
via "Dark Reading".
Dark Reading
Jailbreak Trick Breaks ChatGPT Content Safeguards
Jailbreak command creates ChatGPT alter ego DAN, willing to create content outside of its own content restriction controls.
π΄ CISA Releases Recovery Script for Victims of ESXiArgs Ransomware π΄
π Read
via "Dark Reading".
The malware has affected thousands of VMware ESXi hypervisors in the last few days.π Read
via "Dark Reading".
Dark Reading
CISA Releases Recovery Script for Victims of ESXiArgs Ransomware
The malware has affected thousands of VMware ESXi hypervisors in the last few days.
π΄ (ISC)Β² Makes Certified in Cybersecurity Exam Available in More Languages to Address Global Workforce Shortage π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
(ISC)Β² Makes Certified in Cybersecurity Exam Available in More Languages to Address Global Workforce Shortage
ALEXANDRIA, Va., Feb. 8, 2023 /PRNewswire/ -- (ISC)Β² β the world's largest nonprofit association of certified cybersecurity professionals β today announced that the Certified in Cybersecurityβ exam is available in five additional languages, including Chineseβ¦
βΌ CVE-2022-38777 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47648 βΌ
π Read
via "National Vulnerability Database".
Bosch Security Systems B420 firmware 02.02.0001 employs IP based authorization in its authentication mechanism, allowing attackers to access the device as long as they are on the same network as a legitimate user.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25163 βΌ
π Read
via "National Vulnerability Database".
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error message is visible when a user attempts to create or update an Application via the Argo CD API (and therefor the UI or CLI). The user must have `applications, create` or `applications, update` RBAC access to reach the code which may produce the error. The user is not guaranteed to be able to trigger the error message. They may attempt to spam the API with requests to trigger a rate limit error from the upstream repository. If the user has `repositories, update` access, they may edit an existing repository to introduce a URL typo or otherwise force an error message. But if they have that level of access, they are probably intended to have access to the credentials anyway. A patch for this vulnerability has been released in version 2.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38778 βΌ
π Read
via "National Vulnerability Database".
A flaw (CVE-2022-38900) was discovered in one of KibanaΓ’β¬β’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45982 βΌ
π Read
via "National Vulnerability Database".
thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload.π Read
via "National Vulnerability Database".
π΄ Lessons From the Cold War: How Quality Trumps Quantity in Cybersecurity π΄
π Read
via "Dark Reading".
High-quality tools and standards remain critical components in cybersecurity efforts even as budgets decline. It's important that staff knows response procedures and their roles, and also communicates well.π Read
via "Dark Reading".
Dark Reading
Lessons From the Cold War: How Quality Trumps Quantity in Cybersecurity
High-quality tools and standards remain critical components in cybersecurity efforts even as budgets decline. It's important that staff knows response procedures and their roles, and also communicates well.
βΌ CVE-2023-0760 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0759 βΌ
π Read
via "National Vulnerability Database".
Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.π Read
via "National Vulnerability Database".
β OpenSSL fixes High Severity data-stealing bug β patch now! β
π Read
via "Naked Security".
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π±1
βΌ CVE-2023-22953 βΌ
π Read
via "National Vulnerability Database".
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0624 βΌ
π Read
via "National Vulnerability Database".
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0574 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0 through 2.13.π Read
via "National Vulnerability Database".
π΄ Twitter Implements API Paywall; But Will That Solve Its Enormous Bot Crisis? π΄
π Read
via "Dark Reading".
Restricting the Twitter API will have implications across Twitter, the broader Internet, and society, experts say. Is there a cybersecurity silver lining, or will threat actors pay to play?π Read
via "Dark Reading".
Dark Reading
Twitter Implements API Paywall, but Will That Solve Its Enormous Bot Crisis?
Restricting the Twitter API will have implications across Twitter, the broader Internet, and society, experts say. Is there a cybersecurity silver lining, or will threat actors pay to play?
ποΈ New XSS Hunter host Truffle Security faces privacy backlash ποΈ
π Read
via "The Daily Swig".
Anonymized numbers of bug discoveries swiftly deleted after pushbackπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
New XSS Hunter host Truffle Security faces privacy backlash
Anonymized numbers of bug discoveries swiftly deleted after pushback
β S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text] β
π Read
via "Naked Security".
Latest epsiode. Listen now!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ In Perfect Harmony: Cybersecurity Regulation Harmonization π΄
π Read
via "Dark Reading".
By simplifying compliance management, security and risk teams can focus on managing operational risk, not compliance risk β and better counter threats.π Read
via "Dark Reading".
Dark Reading
In Perfect Harmony: Cybersecurity Regulation Harmonization
By simplifying compliance management, security and risk teams can focus on managing operational risk, not compliance risk β and better counter threats.
π1
π΄ NIST Picks IoT Standard for Small Electronics Cybersecurity π΄
π Read
via "Dark Reading".
NIST announces that it will use Ascon as a cryptography standard for lightweight IoT device protection.π Read
via "Dark Reading".
Dark Reading
NIST Picks IoT Standard for Small Electronics Cybersecurity
NIST announces that it will use Ascon as a cryptography standard for lightweight IoT device protection.
βΌ CVE-2022-48293 βΌ
π Read
via "National Vulnerability Database".
The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.π Read
via "National Vulnerability Database".