CVE-2023-26056
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue.

BlackLotus Bootkit Found Targeting Windows 11
via "Dark Reading".
Sold for around $5,000 in hacking forums, the BlackLotus UEFI bootkit is capable of targeting even updated systems, researchers find.

Biden's Cybersecurity Strategy Calls for Software Liability, Tighter Critical Infrastructure Security
via "Dark Reading".
The new White House plan outlines proposed minimum security requirements in critical infrastructure, and for shifting liability for software products to vendors.

CISA, MITRE Look to Take ATT&CK Framework Out of the Weeds
via "Dark Reading".
The Decider tool is designed to make the ATT&CK framework more accessible and usable for security analysts of every level, with an intuitive interface and simplified language.

CVE-2023-1101
via "National Vulnerability Database".
SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.

CVE-2023-22381
via "National Vulnerability Database".
A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to control the value of environment variables for use with GitHub Actions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.8.0 and was fixed in versions 3.4.15, 3.5.12, 3.6.8, 3.7.5. This vulnerability was reported via the GitHub Bug Bounty program.

CVE-2023-0656
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.

CVE-2022-35645
via "National Vulnerability Database".
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958.

CVE-2022-46501
via "National Vulnerability Database".
Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function.

Axis Security Acquisition Strengthens Aruba's SASE Solutions With Integrated Cloud Security and SD-WAN
via "Dark Reading".
HOUSTON, Texas - March 2, 2023 - Hewlett Packard Enterprise (NYSE: HPE) today announced that it entered into a definitive agreement to acquire Axis Security, a cloud security provider. This acquisition will allow HPE to expand its edge-to-cloud security capabilities…

CVE-2022-40633
via "National Vulnerability Database".
A malicious actor can clone access cards used to open control cabinets secured with Rittal CMC III locks.

Highlights from the New U.S. Cybersecurity Strategy
via "Krebs on Security".
The Biden administration today issued its vision for beefing up the nation's collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White House's new national cybersecurity strategy also envisions a more active role by cloud providers and the U.S. military in disrupting cybercriminal infrastructure, and names China as the single biggest cyber threat to U.S. interests.

IBM Contributes Supply Chain Security Tools to OWASP
via "Dark Reading".
License Scanner and SBOM Utility will boost the capabilities of OWASP's CycloneDX Software Bill of Materials standard.

CVE-2023-1160
via "National Vulnerability Database".
Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0.

CVE-2023-0457
via "National Vulnerability Database".
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U(C) CPU modules all models all versions, FX5UJ CPU modules all models all versions, FX5S CPU modules all models all versions, FX5-ENET all versions and FX5-ENET/IP all versions allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.

CISA: Tech industry 'shouldn't tolerate' Patch Tuesday, unsecured software
via "ITPro".
CISA director Jen Easterly said the tech industry has allowed the widespread acceptance of "deviant behaviours" to make a mockery of cyber security.

Uncovering the ransomware threat from global supply chains
via "ITPro".
Everything is connected.

Leaked today, exploited for life
via "ITPro".
How social media biometric patterns affect your future.

The near and far future of ransomware business models
via "ITPro".
What would make ransomware actors change their criminal business models?

Trend Micro security predictions for 2023
via "ITPro".
Prioritise cyber security strategies on capabilities rather than costs.

Bitdefender releases free MortalKombat ransomware decryptor tool
via "ITPro".
While still a relatively new strain, MortalKombat has been used extensively to target users and steal cryptocurrency.