NIST plots biggest ever reform of Cybersecurity Framework
via "The Daily Swig".
CSF 2.0 blueprint offered up for public review
CVE-2023-0869
via "National Vulnerability Database".
Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information.
CVE-2023-0986
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/?page=user/manage_user of the component Edit User. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221679.
CVE-2022-48343
via "National Vulnerability Database".
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
CVE-2023-24104
via "National Vulnerability Database".
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets.
CVE-2023-0868
via "National Vulnerability Database".
Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies.
CVE-2022-48344
via "National Vulnerability Database".
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
CVE-2023-0987
via "National Vulnerability Database".
A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221680.
CVE-2022-48342
via "National Vulnerability Database".
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
CVE-2023-23659
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions.
CVE-2023-24384
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions.
CVE-2023-0988
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0. This issue affects some unknown processing of the file admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221681 was assigned to this vulnerability.
CVE-2023-0867
via "National Vulnerability Database".
Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information.
CVE-2023-24415
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBot ? plugin <= 4.2.8 versions.
CVE-2023-0815
via "National Vulnerability Database".
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug.
(ISC)² Opens Security Congress 2023 Call for Presentations
via "Dark Reading".
(ISC)2 members and cybersecurity professionals worldwide are encouraged to share their expertise, best practices and experiences with their peers and career hopefuls.
NPM JavaScript packages abused to create scambait links in bulk
via "Naked Security".
Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!
Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps?
via "Dark Reading".
Before adopting SaaS apps, companies should set security guardrails to vet new vendors and check security integration for misconfiguration risks.
Rezilion Research Discovers Hidden Vulnerabilities in Hundreds of Docker Container Images
via "Dark Reading".
BE'ER SHEVA, Israel, Feb. 23, 2023 /PRNewswire/ -- Rezilion announced today the release of the company's new research, "Hiding in Plain Sight: Hidden Vulnerabilities in Popular Open Source Containers," uncovering the presence of hundreds of docker container…
S3 Ep123: Crypto company compromise kerfuffle [Audio + Text]
via "Naked Security".
Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.
Metomic Raises $20 Million to Protect Sensitive Data in SaaS Applications
via "Dark Reading".
As a data security solution focused solely on SaaS ecosystems, Metomic will use the Series A funding round to expand into the U.S.