π΄ 99% of Cybersecurity Leaders Are Stressed About Email Security π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
99% of Cybersecurity Leaders Are Stressed About Email Security
LONDON, UK / March 7, 2023 - Egress, a cybersecurity company that provides intelligent email security, today released its Email Security Risk Report 2023. The report uncovers findings that demonstrate the prevalence of inbound and outbound email securityβ¦
π΄ Palo Alto Survey Reveals 90% of Organizations Cannot Resolve Cyberthreats Within an Hour π΄
π Read
via "Dark Reading".
Third annual report identifies top security gaps and challenges for organizations operating in the cloud.π Read
via "Dark Reading".
Dark Reading
Palo Alto Survey Reveals 90% of Organizations Cannot Resolve Cyberthreats Within an Hour
Third annual report identifies top security gaps and challenges for organizations operating in the cloud.
β Serious Security: TPM 2.0 vulns β is your super-secure data at risk? β
π Read
via "Naked Security".
Security bugs in the very code you've been told you must have to improve the security of your computer...π Read
via "Naked Security".
Naked Security
Serious Security: TPM 2.0 vulns β is your super-secure data at risk?
Security bugs in the very code youβve been told you must have to improve the security of your computerβ¦
π΄ Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears π΄
π Read
via "Dark Reading".
More than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information.π Read
via "Dark Reading".
Dark Reading
Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
More than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information.
π΄ ManageEngine Launches Security and Risk Posture Management in its SIEM Solution π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
ManageEngine Launches Security and Risk Posture Management in its SIEM Solution
LONDON, United Kingdomβ March 7, 2023 β ManageEngine, the enterprise IT management division of Zoho Corporation, today announced that it has added a security and risk posture management dashboard to Log360, its unified security information and event managementβ¦
βΌ CVE-2023-25223 βΌ
π Read
via "National Vulnerability Database".
CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40676 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25611 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23776 βΌ
π Read
via "National Vulnerability Database".
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzerπ Read
via "National Vulnerability Database".
βΌ CVE-2023-25605 βΌ
π Read
via "National Vulnerability Database".
A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27478 βΌ
π Read
via "National Vulnerability Database".
libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to workaround or lower the probability of this bug affecting a given deployment. 1: use a reasonably high `POLL_TIMEOUT` setting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42476 βΌ
π Read
via "National Vulnerability Database".
A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41328 βΌ
π Read
via "National Vulnerability Database".
A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45861 βΌ
π Read
via "National Vulnerability Database".
An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46257 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploit this vulnerability, an attacker would need access to the GHES instance, permissions to modify GitHub Actions runner groups, and successfully guess the obfuscated ID of private repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41333 βΌ
π Read
via "National Vulnerability Database".
An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27475 βΌ
π Read
via "National Vulnerability Database".
Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0, users are advised to upgrade. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25230 βΌ
π Read
via "National Vulnerability Database".
loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF).π Read
via "National Vulnerability Database".
βΌ CVE-2022-39951 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39953 βΌ
π Read
via "National Vulnerability Database".
A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22297 βΌ
π Read
via "National Vulnerability Database".
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.π Read
via "National Vulnerability Database".