CVE-2023-22796
via "National Vulnerability Database".
A regular-expression-based DoS (ReDoS) vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS.
CVE-2023-24322
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.
CVE-2023-21441
via "National Vulnerability Database".
Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows a local attacker to access protected files via unused code.
CVE-2023-22797
via "National Vulnerability Database".
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects when calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for providing only trusted input. However, the check introduced could be bypassed with a carefully crafted URL, resulting in an open redirect vulnerability.
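The advisory's underlying point is that a redirect target taken from a request parameter has to be validated against an explicit policy before it reaches redirect_to. The following is an added example in plain Ruby, not Rails' own open-redirect check and not the bypass the advisory refers to: it accepts only site-relative paths or absolute http(s) URLs whose host is on an allow-list, and falls back to "/" for everything else. The constant ALLOWED_HOSTS, the method name safe_redirect_target and the sample inputs are assumptions made for this example.

```ruby
require "uri"

# Assumed allow-list for this example; a real application would load
# its own canonical hostnames here.
ALLOWED_HOSTS = %w[example.com www.example.com].freeze

# Returns a redirect target that is safe to pass to a redirect helper,
# or +fallback+ when the user-supplied value does not meet the policy.
# Policy:
#   * relative references must start with exactly one "/" (so "//evil.com"
#     and "/\evil.com", which browsers treat as scheme-relative, are rejected)
#   * absolute URLs must use http or https and name an allow-listed host
#     (so "https://example.com@evil.com/" and "https://example.com.evil.net/"
#     are rejected, because their *host* is not allow-listed)
#   * anything unparsable, nil or blank falls back
def safe_redirect_target(raw, allowed_hosts: ALLOWED_HOSTS, fallback: "/")
  return fallback if raw.nil? || raw.strip.empty?

  # Normalise backslashes first: "/\evil.com" is otherwise parsed as a
  # plain relative path but followed by browsers as "//evil.com".
  candidate = raw.strip.tr("\\", "/")

  begin
    uri = URI.parse(candidate)
  rescue URI::InvalidURIError
    return fallback
  end

  if uri.scheme.nil? && uri.host.nil?
    # Relative reference: require a single leading slash.
    return fallback unless candidate.start_with?("/") && !candidate.start_with?("//")
    return candidate
  end

  # Absolute or scheme-relative URL: require http(s) and an allow-listed host.
  return fallback unless uri.scheme && %w[http https].include?(uri.scheme.downcase)
  return fallback unless uri.host && allowed_hosts.include?(uri.host.downcase)

  candidate
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs, as a caller in a controller might see them.
  %w[/dashboard?x=1 //evil.com/ https://example.com/account
     https://example.com@evil.com/ javascript:alert(1)].each do |target|
    puts "#{target.inspect} -> #{safe_redirect_target(target).inspect}"
  end
end
```

The check deliberately compares the parsed host rather than doing a prefix match on the raw string, which is the shape of mistake that lets "https://example.com.evil.net/" or a userinfo-bearing URL slip through; when Rails' own protection is available, this kind of validation still belongs in front of it rather than instead of it.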
CVE-2023-22795
via "National Vulnerability Database".
A regular-expression-based DoS (ReDoS) vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking when running on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS. All users running an affected release should either upgrade or use one of the workarounds immediately.
CVE-2023-22799
via "National Vulnerability Database".
A ReDoS vulnerability in GlobalID <1.0.1: an attacker supplying carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.
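The three ReDoS entries above (Active Support's underscore method, Action Dispatch's If-None-Match handling, and GlobalID) share one failure mode: a pattern with nested or overlapping quantifiers is run against attacker-controlled text of unbounded length. The following is an added example, not code from Rails, Active Support or GlobalID, showing the two defensive layers that the "workarounds" in such advisories usually reduce to: cap the input length before the regex sees it, and on Ruby 3.2 or later bound the matcher itself with the per-regex timeout (the reason the Action Dispatch entry singles out Ruby below 3.2.0). The patterns VULNERABLE and LINEAR, the constant MAX_HEADER_LENGTH and the method bounded_match? are assumptions made for this example; the vulnerable pattern is the textbook shape, not the one in any of the affected libraries.

```ruby
# Assumed cap for a single header-sized value; pick what your protocol needs.
MAX_HEADER_LENGTH = 4096

# Nested quantifier over the same character class: each extra non-matching
# character roughly doubles the backtracking work. Never run this unguarded
# on long input (the tests below use a dozen characters at most).
VULNERABLE = /\A(a+)+\z/

# Same language ("one or more a"), single quantifier: linear in input size.
LINEAR = /\Aa+\z/

# Matches +input+ against +regex+ with two guards:
#   1. inputs longer than +max_len+ are rejected outright, so the engine
#      never sees a pathological length (works on every Ruby version);
#   2. on Ruby >= 3.2 the pattern is recompiled with a per-regex timeout,
#      so even an unexpectedly expensive match is cut off and treated as
#      a non-match instead of pinning a CPU.
# Returns true on a match, false on no match, rejection or timeout.
def bounded_match?(regex, input, max_len: MAX_HEADER_LENGTH, timeout: 0.1)
  return false if input.nil? || input.length > max_len

  if Regexp.respond_to?(:timeout=) # Regexp timeouts exist from Ruby 3.2
    guarded = Regexp.new(regex.source, regex.options, timeout: timeout)
    begin
      guarded.match?(input)
    rescue Regexp::TimeoutError
      false
    end
  else
    # Older Ruby: only the length cap protects us, so keep it tight.
    regex.match?(input)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: a short almost-match that forces backtracking,
  # and an over-long value that the cap rejects before any matching.
  puts bounded_match?(VULNERABLE, "a" * 12 + "!")   # false, but cheap at this length
  puts bounded_match?(LINEAR, "a" * 100)            # true
  puts bounded_match?(LINEAR, "a" * 5000)           # false: over MAX_HEADER_LENGTH
end
```

The length cap is the layer to rely on when you cannot upgrade Ruby, because it turns a potentially exponential cost into a known constant; rewriting the pattern itself (here, LINEAR for VULNERABLE) is the real fix and is what the library upgrades deliver.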
CVE-2023-24689
via "National Vulnerability Database".
An issue in mojoPortal v2.7.0.0 and below allows an authenticated attacker to list all CSS files inside the root path of the web server via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx.
CVE-2023-24688
via "National Vulnerability Database".
An issue in mojoPortal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled.
NewsPenguin Goes Phishing for Maritime & Military Secrets
via "Dark Reading".
A sophisticated cyber-espionage attack against high-value targets attending a maritime technology conference in Pakistan this weekend has been in the works since last year.
Reddit Breached With Stolen Employee Credentials
via "Dark Reading".
Reddit code, internal documents, dashboards, and business systems were compromised in the cyberattack.
The case for an accelerated device refresh cycle
via "ITPro".
Achieving a more cost-effective device lifecycle overall
Why technology, cyber and privacy risk management are critical for digital transformation
via "ITPro".
How ServiceNow Integrated Risk Management helps you embrace the digital future
Automation: The key to optimised server management
via "ITPro".
Deliver modern digital end-user experiences, innovate with data, and more flexibly deliver IT services
Cyber resiliency and end-user performance
via "ITPro".
Reduce risk and deliver greater business success with cyber-resilience capabilities
What is the spell-jacking vulnerability and how can your business avoid exposing data?
via "ITPro".
Spell-jacking vulnerabilities are threatening to unwittingly leak data to third parties, undermining any drive to protect privacy
TD Synnex launches free security self-assessments for VMware partners
via "ITPro" (ChannelPro).
Partners can now offer clients three specially-designed surveys, worth tens of thousands, to help drive new business potential
PowerEdge - Cyber resilient infrastructure for a Zero Trust world
via "ITPro".
Combat threats with an in-depth security stance
ESXi ransomware campaign strikes Florida Supreme Court, worldwide universities
via "ITPro".
Threat actors show no sign of stopping following the widespread exploitation of the two-year-old vulnerability in VMware ESXi servers
Google Cloud Connects Chronicle to Health ISAC Feed
via "Dark Reading".
Members of the Health-ISAC can ingest threat indicators directly into Chronicle to investigate whether the threat is present in their environment.
OAuth "masterclass" crowned top web hacking technique of 2022
via "The Daily Swig".
Single sign-on and request smuggling to the fore in another stellar year for web security research
Addressing the Elephant in the Room: Getting Developers & Security Teams to Work Together
via "Dark Reading".
Bridging the divide between developers and security can create a culture change organically.