βΌ CVE-2022-43923 βΌ
π Read
via "National Vulnerability Database".
IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0586 βΌ
π Read
via "National Vulnerability Database".
The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
β S3 Ep123: Crypto company compromise kerfuffle [Audio + Text] β
π Read
via "Naked Security".
Latest episode - listen now! Top-notch advice for cybersecurity, both at work and at home.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π1π€1
βΌ CVE-2023-0481 βΌ
π Read
via "National Vulnerability Database".
In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.π Read
via "National Vulnerability Database".
π΄ Evaluating the Cyber War Set Off by Russian Invasion of Ukraine π΄
π Read
via "Dark Reading".
Preparation and cooperation helped to mitigate the worst of the digital damage, amid cyber sorties from all sides.π Read
via "Dark Reading".
Dark Reading
Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine
Preparation and cooperation helped to mitigate the worst of the digital damage, amid cyber sorties from all sides.
βοΈ Whoβs Behind the Botnet-Based Service BHProxies? βοΈ
π Read
via "Krebs on Security".
A security firm has discovered that a five-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Hereβs a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service.π Read
via "Krebs on Security".
Krebs on Security
Whoβs Behind the Botnet-Based Service BHProxies?
A security firm has discovered that a five-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers.β¦
π΄ 'New Class of Bugs' in Apple Devices Opens the Door to Complete Takeover π΄
π Read
via "Dark Reading".
With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone.π Read
via "Dark Reading".
Dark Reading
'New Class of Bugs' in Apple Devices Opens the Door to Complete Takeover
With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone.
π΄ CISA: Beware of DDoS, Web Defacements on Anniversary of Russian Invasion of Ukraine π΄
π Read
via "Dark Reading".
The Cybersecurity and Infrastructure Security Agency advises US and European nations to prepare for possible website attacks marking the Feb. 24 invasion of Ukraine by Russia.π Read
via "Dark Reading".
Dark Reading
CISA: Beware of DDoS, Web Defacements on Anniversary of Russian Invasion of Ukraine
The Cybersecurity and Infrastructure Security Agency advises US and European nations to prepare for possible website attacks marking the Feb. 24 invasion of Ukraine by Russia.
π΄ Canadian Telecom Firm Telus Reportedly Investigating Breach π΄
π Read
via "Dark Reading".
A threat actor has leaked data β purportedly, samples of Telus employee payroll data and source code β on a hacker site.π Read
via "Dark Reading".
Dark Reading
Canadian Telecom Firm Telus Reportedly Investigating Breach
A threat actor has leaked data β purportedly, samples of Telus employee payroll data and source code β on a hacker site.
βΌ CVE-2022-44310 βΌ
π Read
via "National Vulnerability Database".
In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1029 βΌ
π Read
via "National Vulnerability Database".
The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1030 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221755.π Read
via "National Vulnerability Database".
π΄ Tackling Software Supply Chain Issues With CNAPP π΄
π Read
via "Dark Reading".
The cloud-native application protection platform market is expanding as security teams look to protect their applications and the software supply chain.π Read
via "Dark Reading".
Dark Reading
Tackling Software Supply Chain Issues With CNAPP
The cloud-native application protection platform market is expanding as security teams look to protect their applications and the software supply chain.
βΌ CVE-2021-34248 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in sourcecodester mobile-shop-system-php-mysql 1.0 allows remote attackers to log in via crafterdstring in the email field of the log in page.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35290 βΌ
π Read
via "National Vulnerability Database".
File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24189 βΌ
π Read
via "National Vulnerability Database".
An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34249 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id paremeter in application URL.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-34167 βΌ
π Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.π Read
via "National Vulnerability Database".
π’ The UN's cyber crime treaty could be a privacy disaster π’
π Read
via "ITPro".
Although a UN committee is fleshing out a new international cyber crime treaty, experts question whether itβll make any positive difference to businessesπ Read
via "ITPro".
ITPro
The UN's cyber crime treaty could be a privacy disaster
Although a UN committee is fleshing out a new international cyber crime treaty, experts question whether itβll make any positive difference to businesses
π’ LockBit leaks 44GB of Royal Mail's data, new Β£33m ransom set π’
π Read
via "ITPro".
200 employees are believed to be affected with vaccine records, salary information, HR formal dismissal documents, and business contract documents all appearing to be included in the leakπ Read
via "ITPro".
ITPro
LockBit leaks 44GB of Royal Mail's data and sets fresh Β£33 million ransom
200 employees are believed to be affected with vaccine records, salary information, HR formal dismissal documents, and business contract documents all appearing to be included in the leak
π3
βΌ CVE-2023-1035 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as critical. Affected is an unknown function of the file update_user.php. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221784.π Read
via "National Vulnerability Database".