🕴 Inglis Retires as National Cyber Director Ahead of Biden's Cybersecurity EO 🕴
via "Dark Reading".
The long-time NSA and cyber specialist says he's exiting the public sector.
🕴 Novel Spy Group Targets Telecoms in 'Precision-Targeted' Cyberattacks 🕴
via "Dark Reading".
The primary victims so far have been employees of telcos in the Middle East, who were hit with custom backdoors via the cloud, in a likely precursor to a broader attack.
🕴 Google Translate Helps BEC Groups Scam Companies in Any Language 🕴
via "Dark Reading".
BEC gangs Midnight Hedgehog and Mandarin Capybara show how online marketing and translation tools are making it easy for these threat groups to scale internationally.
🕴 Check Point Boosts AppSec Focus With CNAPP Enhancements 🕴
via "Dark Reading".
Established network security players like Check Point are responding to the shift to cloud-native applications, which have exposed more vulnerabilities in open source software supply chains.
‼ CVE-2023-22233 ‼
via "National Vulnerability Database".
After Effects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-21575 ‼
via "National Vulnerability Database".
Photoshop versions 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-22239 ‼
via "National Vulnerability Database".
After Effects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-23064 ‼
via "National Vulnerability Database".
TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control.
‼ CVE-2023-22228 ‼
via "National Vulnerability Database".
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-21621 ‼
via "National Vulnerability Database".
FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-22243 ‼
via "National Vulnerability Database".
Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-22232 ‼
via "National Vulnerability Database".
Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction.
‼ CVE-2023-22229 ‼
via "National Vulnerability Database".
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-22227 ‼
via "National Vulnerability Database".
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-21577 ‼
via "National Vulnerability Database".
Photoshop versions 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-22234 ‼
via "National Vulnerability Database".
Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-22236 ‼
via "National Vulnerability Database".
Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-0482 ‼
via "National Vulnerability Database".
In RESTEasy, the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes, which creates temp files with insecure permissions that could be read by a local user.
‼ CVE-2022-48115 ‼
via "National Vulnerability Database".
The dropdown menu in jspreadsheet before v4.6.0 was discovered to be vulnerable to cross-site scripting (XSS).
‼ CVE-2023-21583 ‼
via "National Vulnerability Database".
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-40021 ‼
via "National Vulnerability Database".
QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) was discovered to contain a command injection vulnerability.