βΌ CVE-2023-25956 βΌ
π Read
via "National Vulnerability Database".
Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4105 βΌ
π Read
via "National Vulnerability Database".
Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727.π Read
via "National Vulnerability Database".
π΄ To Safeguard Critical Infrastructure, Go Back to Basics π΄
π Read
via "Dark Reading".
CISA's recently released cybersecurity performance goals can help lower risk and thwart the impact of cyberattacks.π Read
via "Dark Reading".
Dark Reading
To Safeguard Critical Infrastructure, Go Back to Basics
CISA's recently released cybersecurity performance goals can help lower risk and thwart the impact of cyberattacks.
π΄ TikTok Ban Hits EU Commission Phones as Cybersecurity Worries Mount π΄
π Read
via "Dark Reading".
Employees of the EU Commission are no longer allowed to use the TikTok app thanks to concerns over data security.π Read
via "Dark Reading".
Dark Reading
TikTok Ban Hits EU Commission Phones as Cybersecurity Worries Mount
Employees of the EU Commission are no longer allowed to use the TikTok app thanks to concerns over data security.
βΌ CVE-2021-35369 βΌ
π Read
via "National Vulnerability Database".
Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to obtain sensitive information via the filtering_get_contents function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33387 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code via a crafted get request.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33224 βΌ
π Read
via "National Vulnerability Database".
File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4203 βΌ
π Read
via "National Vulnerability Database".
A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34064 βΌ
π Read
via "National Vulnerability Database".
An issue found in Koel v.5.1.4 and before allows remote attackers to gain access to sensitive information via the login form parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35370 βΌ
π Read
via "National Vulnerability Database".
An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23205 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0585 βΌ
π Read
via "National Vulnerability Database".
The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43923 βΌ
π Read
via "National Vulnerability Database".
IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0586 βΌ
π Read
via "National Vulnerability Database".
The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
β S3 Ep123: Crypto company compromise kerfuffle [Audio + Text] β
π Read
via "Naked Security".
Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π1π€1
βΌ CVE-2023-0481 βΌ
π Read
via "National Vulnerability Database".
In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.π Read
via "National Vulnerability Database".
π΄ Evaluating the Cyber War Set Off by Russian Invasion of Ukraine π΄
π Read
via "Dark Reading".
Preparation and cooperation helped to mitigate the worst of the digital damage, amid cyber sorties from all sides.π Read
via "Dark Reading".
Dark Reading
Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine
Preparation and cooperation helped to mitigate the worst of the digital damage, amid cyber sorties from all sides.
βοΈ Whoβs Behind the Botnet-Based Service BHProxies? βοΈ
π Read
via "Krebs on Security".
A security firm has discovered that a five-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Hereβs a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service.π Read
via "Krebs on Security".
Krebs on Security
Whoβs Behind the Botnet-Based Service BHProxies?
A security firm has discovered that a five-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers.β¦
π΄ 'New Class of Bugs' in Apple Devices Opens the Door to Complete Takeover π΄
π Read
via "Dark Reading".
With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone.π Read
via "Dark Reading".
Dark Reading
'New Class of Bugs' in Apple Devices Opens the Door to Complete Takeover
With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone.
π΄ CISA: Beware of DDoS, Web Defacements on Anniversary of Russian Invasion of Ukraine π΄
π Read
via "Dark Reading".
The Cybersecurity and Infrastructure Security Agency advises US and European nations to prepare for possible website attacks marking the Feb. 24 invasion of Ukraine by Russia.π Read
via "Dark Reading".
Dark Reading
CISA: Beware of DDoS, Web Defacements on Anniversary of Russian Invasion of Ukraine
The Cybersecurity and Infrastructure Security Agency advises US and European nations to prepare for possible website attacks marking the Feb. 24 invasion of Ukraine by Russia.
π΄ Canadian Telecom Firm Telus Reportedly Investigating Breach π΄
π Read
via "Dark Reading".
A threat actor has leaked data β purportedly, samples of Telus employee payroll data and source code β on a hacker site.π Read
via "Dark Reading".
Dark Reading
Canadian Telecom Firm Telus Reportedly Investigating Breach
A threat actor has leaked data β purportedly, samples of Telus employee payroll data and source code β on a hacker site.