⚠ S3 Ep123: Crypto company compromise kerfuffle [Audio + Text] ⚠
via "Naked Security" (Sophos News).
Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.
🕴 Metomic Raises $20 Million to Protect Sensitive Data in SaaS Applications 🕴
via "Dark Reading".
As a data security solution focused solely on SaaS ecosystems, Metomic will use the Series A funding round to expand into the U.S.
🕴 Cris Thomas: Space Rogue, From L0pht Hacker to IBM Security Influencer 🕴
via "Dark Reading".
Security Pro File: The old-school hacker traces a path from young hardware tinkerer to senior cybersecurity executive.
🕴 Vault Vision Launches One Click Passwordless Logins With Passkey User Authentication 🕴
via "Dark Reading".
Eliminate passwords in the user authentication workflow with Vault Vision's passkey features like facial recognition, fingerprint and PIN verification on all modern devices.
‼ CVE-2022-2176 ‼
via "National Vulnerability Database".
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
🕴 Wiper Malware Surges Ahead, Spiking 53% in 3 Months 🕴
via "Dark Reading".
Cybercriminals and hacktivists have joined state-backed actors in using sabotage-bent malware in destructive attacks, new report shows.
🕴 Unanswered Questions Cloud the Recent Targeting of an Asian Research Org 🕴
via "Dark Reading".
A novel threat group, utilizing new malware, is out in the wild. But the who, what, where, and why are yet to be determined, and there's evidence of a false-flag operation.
🕴 Linux Foundation Europe Announces Formation of OpenWallet Foundation 🕴
via "Dark Reading".
Diverse ecosystem of global technology, finance, and university leaders join as first OpenWallet Foundation Members, many more expected.
🕴 Cyberattack on Dole Causes Temporary Salad Shortage 🕴
via "Dark Reading".
The produce company said it suffered a ransomware attack earlier this month.
‼ CVE-2023-0597 ‼
via "National Vulnerability Database".
A flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory: the mapping could leak memory information, allowing a user to guess the location of exception stack(s) or other important data. A local user could use this flaw to gain access to some important data whose location in memory is predictable.
‼ CVE-2023-20011 ‼
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.
‼ CVE-2023-23914 ‼
via "National Vulnerability Database".
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly be ignored by subsequent transfers when done on the same command line because the state would not be properly carried on.
‼ CVE-2023-22476 ‼
via "National Vulnerability Database".
Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access the _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds.
‼ CVE-2023-20015 ‼
via "National Vulnerability Database".
A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute unauthorized commands within the CLI. An attacker with Administrator privileges could also execute arbitrary commands on the underlying operating system of Cisco UCS 6400 and 6500 Series Fabric Interconnects with root-level privileges.
‼ CVE-2023-23920 ‼
via "National Vulnerability Database".
An untrusted search path vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search for and potentially load ICU data when running with elevated privileges.
‼ CVE-2023-20016 ‼
via "National Vulnerability Database".
A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials.
‼ CVE-2023-23918 ‼
via "National Vulnerability Database".
A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non-authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.
‼ CVE-2023-23919 ‼
via "National Vulnerability Database".
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.
‼ CVE-2022-3219 ‼
via "National Vulnerability Database".
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
‼ CVE-2023-0044 ‼
via "National Vulnerability Database".
If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to information disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
‼ CVE-2023-23915 ‼
via "National Vulnerability Database".
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recently completed transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS.