βΌ CVE-2023-22603 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48299 βΌ
π Read
via "National Vulnerability Database".
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22609 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: noneπ Read
via "National Vulnerability Database".
βΌ CVE-2021-41064 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48298 βΌ
π Read
via "National Vulnerability Database".
The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22607 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: noneπ Read
via "National Vulnerability Database".
βΌ CVE-2022-48297 βΌ
π Read
via "National Vulnerability Database".
The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48288 βΌ
π Read
via "National Vulnerability Database".
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48286 βΌ
π Read
via "National Vulnerability Database".
The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0575 βΌ
π Read
via "National Vulnerability Database".
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.π Read
via "National Vulnerability Database".
π΄ Phishing Surges Ahead, as ChatGPT & AI Loom π΄
π Read
via "Dark Reading".
AI and phishing-as-a-service (PaaS) kits are making it easier for threat actors to create malicious email campaigns, which continue to target high-volume applications using popular brand names.π Read
via "Dark Reading".
Dark Reading
Phishing Surges Ahead, as ChatGPT & AI Loom
AI and phishing-as-a-service (PaaS) kits are making it easier for threat actors to create malicious email campaigns, which continue to target high-volume applications using popular brand names.
π΄ Cryptographers Decode Secret Letters of Mary, Queen of Scots π΄
π Read
via "Dark Reading".
Nearly a half-millennium after her execution, encrypted letters from the imprisoned royal offer a fascinating look into early cryptography.π Read
via "Dark Reading".
Dark Reading
Cryptographers Decode Secret Letters of Mary, Queen of Scots
Nearly a half-millennium after her execution, encrypted letters from the imprisoned royal offer a fascinating look into early cryptography.
π΄ Kaspersky Finds Growing Number of Parents Experiencing Ransomware Attacks on Children's Schools π΄
π Read
via "Dark Reading".
Schools paying higher ransoms and seeing longer closures, according to survey of parents.π Read
via "Dark Reading".
Dark Reading
Kaspersky Finds Growing Number of Parents Experiencing Ransomware Attacks on Children's Schools
Schools paying higher ransoms and seeing longer closures, according to survey of parents.
βοΈ U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group βοΈ
π Read
via "Krebs on Security".
Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating "Trickbot," a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. The U.S. Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. companies and government entities.π Read
via "Krebs on Security".
Krebs on Security
U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group
Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating "Trickbot," a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeoversβ¦
π΄ SynSaber Releases ICS CVE Retrospective: 3 Years of CISA Advisories π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
SynSaber Releases ICS CVE Retrospective: 3 Years of CISA Advisories
CHANDLER, Ariz., Feb. 9, 2023 /PRNewswire/ -- SynSaber, an early-stage ICS/OT cybersecurity and asset monitoring company, announced today the release of the company's first Industrial Control Systems (ICS) CVE Retrospective: 3 Years of CISA Advisories, whichβ¦
π΄ 7 Critical Cloud Threats Facing the Enterprise in 2023 π΄
π Read
via "Dark Reading".
From shadow data to misconfigurations, and overpermissioning to multicloud sprawl, Dark Reading's cloud security slideshow helps security pros understand the threat horizon.π Read
via "Dark Reading".
Dark Reading
7 Critical Cloud Threats Facing the Enterprise in 2023
From shadow data to misconfigs, and overpermissioning to multicloud sprawl, our cloud security slideshow helps security pros understand the threat horizon.
π΄ Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware π΄
π Read
via "Dark Reading".
Avast researchers also discovered and reported two zero-day vulnerabilities, and observed the spread of information-stealing malware, remote access trojans, and botnets.π Read
via "Dark Reading".
Dark Reading
Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware
Avast researchers also discovered and reported two zero-day vulnerabilities, and observed the spread of information-stealing malware, remote access trojans, and botnets.
βΌ CVE-2023-21435 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21429 βΌ
π Read
via "National Vulnerability Database".
Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21423 βΌ
π Read
via "National Vulnerability Database".
Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22792 βΌ
π Read
via "National Vulnerability Database".
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.π Read
via "National Vulnerability Database".