Naoris Protocol snaps up former IBM chief scientist to lead its strategy
via "ITPro".
David Holtzman will lead the mesh security player's growth strategy across both Web2 and Web3
Checkmarx appoints Sandeep Johri as its new CEO
via "ITPro".
Experienced Silicon Valley executive will lead the applications security provider into its next phase of growth
WH Smith hit by cyber attack, current and former staff data accessed
via "ITPro".
The company stated that it is notifying staff members who have been affected
Mapping the digital attack surface
via "ITPro".
Why global organisations are struggling to manage cyber risk
It's Time to Assess the Potential Dangers of an Increasingly Connected World
via "Dark Reading".
With critical infrastructures ever more dependent on the cloud connectivity, the world needs a more stable infrastructure to avoid a crippling cyberattack.
CVE-2022-45552
via "National Vulnerability Database".
An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory.
CVE-2022-45551
via "National Vulnerability Database".
An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint.
CVE-2022-45553
via "National Vulnerability Database".
An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port.
Wireshark Analyzer 4.0.4
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
S3 Ep124: When so-called security apps go rogue [Audio + Text]
via "Naked Security".
Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!
Chick-fil-A Gives Customers a Bone to Pick After Data Breach
via "Dark Reading".
A two-month-long automated credential-stuffing campaign exposed personal information of Chick-fil-A customers, including birthdays, phone numbers, and membership details.
Chick-fil-A Customers Have a Bone to Pick After Account Takeovers
CVE-2023-20069
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device.
CVE-2023-20079
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-47665
via "National Vulnerability Database".
Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int)
CVE-2023-26604
via "National Vulnerability Database".
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
CVE-2023-20104
via "National Vulnerability Database".
A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending an arbitrary file to a user and persuading that user to browse to a specific URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
CVE-2023-20088
via "National Vulnerability Database".
A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerability is due to improper IP address filtering by the reverse proxy. An attacker could exploit this vulnerability by sending a series of unauthenticated requests to the reverse proxy. A successful exploit could allow the attacker to cause all current traffic and subsequent requests to the reverse proxy through a load balancer to be dropped, resulting in a DoS condition.
CVE-2022-2837
via "National Vulnerability Database".
A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.
CVE-2023-20078
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2023-20061
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.