β Beware rogue 2FA apps in App Store and Google Play β donβt get hacked! β
π Read
via "Naked Security".
Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)π Read
via "Naked Security".
Naked Security
Beware rogue 2FA apps in App Store and Google Play β donβt get hacked!
Even in Appleβs and Googleβs βwalled gardensβ, there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)
βοΈ When Low-Tech Hacks Cause High-Impact Breaches βοΈ
π Read
via "Krebs on Security".
Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy's admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it's worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.π Read
via "Krebs on Security".
Krebs on Security
When Low-Tech Hacks Cause High-Impact Breaches
Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandablyβ¦
βΌ CVE-2023-26609 βΌ
π Read
via "National Vulnerability Database".
ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26257 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31405 βΌ
π Read
via "National Vulnerability Database".
MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22636 βΌ
π Read
via "National Vulnerability Database".
An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request.π Read
via "National Vulnerability Database".
ποΈ Chromium bug allowed SameSite cookie bypass on Android devices ποΈ
π Read
via "The Daily Swig".
Protections against cross-site request forgery could be bypassedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
βΌ CVE-2023-1056 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edoc/doctor/patient.php. The manipulation of the argument search12 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221821 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1061 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument oldmail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221825 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1054 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221820.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1063 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/patient.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221827.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1058 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. This affects an unknown part of the file create-account.php. The manipulation of the argument newemail leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221823.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1057 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been rated as critical. Affected by this issue is the function edoc of the file login.php. The manipulation of the argument usermail leads to sql injection. VDB-221822 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1053 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. This issue affects some unknown processing of the file view_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221819.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1062 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Affected is an unknown function of the file /admin/add-new.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221826 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1059 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221824.π Read
via "National Vulnerability Database".
π΄ As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan π΄
π Read
via "Dark Reading".
Build a playbook for employees on how to handle suspicious communications, use mail filters, and screen and verify unfamiliar calls to bolster a defensive social engineering security strategy.π Read
via "Dark Reading".
Dark Reading
As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan
Build a playbook for employees on how to handle suspicious communications, use mail filters, and screen and verify unfamiliar calls to bolster a defensive social engineering security strategy.
βΌ CVE-2021-32302 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sensitive information via the Upload File parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23108 βΌ
π Read
via "National Vulnerability Database".
In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34908 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23080 βΌ
π Read
via "National Vulnerability Database".
Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS<=V2209020908.π Read
via "National Vulnerability Database".