π΄ Microsoft Zero-Day Bugs Allow Security Feature Bypass π΄
π Read
via "Dark Reading".
Security vendors urge organizations to fix the actively exploited bugs, in Microsoft Outlook and the Mark of the Web feature, immediately.π Read
via "Dark Reading".
Dark Reading
Microsoft Zero-Day Bugs Allow Security Feature Bypass
Security vendors urge organizations to fix the actively exploited bugs, in Microsoft Outlook and the Mark of the Web feature, immediately.
π΄ Camozzi Group and Radiflow Announce Collaboration on Industrial Systems Cybersecurity π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Camozzi Group and Radiflow Announce Collaboration on Industrial Systems Cybersecurity
Brescia, Istanbul, Tel Aviv, March 14th, 2023 β Camozzi Group, a leading provider of Industrial Automation solutions, and Radiflow, part of Sabanci Holding and a global player in Industrial Cybersecurity and Operational Technology (OT), have announced a collaborationβ¦
βΌ CVE-2023-28343 βΌ
π Read
via "National Vulnerability Database".
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26262 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27590 βΌ
π Read
via "National Vulnerability Database".
Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26511 βΌ
π Read
via "National Vulnerability Database".
A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0 and 6.6.1 allows remote attackers to gain access to the admin panel Propiusadmin.php, which allows taking control of the affected system.π Read
via "National Vulnerability Database".
π΄ Optiv More Than Doubles Federal Presence With ClearShark Acquisition π΄
π Read
via "Dark Reading".
Convergence of two leading cybersecurity companies creates federal sector powerhouse.π Read
via "Dark Reading".
Dark Reading
Optiv More Than Doubles Federal Presence With ClearShark Acquisition
Convergence of two leading cybersecurity companies creates federal sector powerhouse.
β Firefox 111 patches 11 holes, but not 1 zero-day among themβ¦ β
π Read
via "Naked Security".
In the game of cricket, 111 is an inauspicious number, but for Firefox, there doesn't seem to be much to worry about this month.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Microsoft fixes two 0-days on Patch Tuesday β update now! β
π Read
via "Naked Security".
An email you haven't even looked at yet could be used to trick your mail server into helping crooks to logon as you.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2023-1327 βΌ
π Read
via "National Vulnerability Database".
Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password.π Read
via "National Vulnerability Database".
π΄ How Patch Tuesday Keeps the Beat After 20 Years π΄
π Read
via "Dark Reading".
Patch Tuesday turned security updates from chaotic events into a routine. Here's how we got here, and where things might be heading.π Read
via "Dark Reading".
Dark Reading
How Patch Tuesday Keeps the Beat After 20 Years
Patch Tuesday turned security updates from chaotic events into a routine. Here's how we got here and where things might be heading.
βοΈ Two U.S. Men Charged in 2022 Hacking of DEA Portal βοΈ
π Read
via "Krebs on Security".
Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims.π Read
via "Krebs on Security".
Krebs on Security
Two U.S. Men Charged in 2022 Hacking of DEA Portal
Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes inβ¦
βΌ CVE-2023-27235 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1407 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223111.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-27239 βΌ
π Read
via "National Vulnerability Database".
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27240 βΌ
π Read
via "National Vulnerability Database".
Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27234 βΌ
π Read
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.π Read
via "National Vulnerability Database".
π΄ Are We Doing Enough to Protect Our Unstructured Data? π΄
π Read
via "Dark Reading".
Organizations are coming under pressure to protect their data, but does all data need the same security? To secure it, you first need to know what and where it is.π Read
via "Dark Reading".
Dark Reading
Are We Doing Enough to Protect Our Unstructured Data?
Organizations are coming under pressure to protect their data, but does all data need the same security? To secure it, you first need to know what and where it is.
π΄ SMBs Orgs Want Help, but Cybersecurity Expertise Is Scarce π΄
π Read
via "Dark Reading".
Smaller firms are boosting cybersecurity budgets, but there's a long way to go to address a deep lack of cyber preparedness among SMBs.π Read
via "Dark Reading".
Dark Reading
SMBs Orgs Want Help, but Cybersecurity Expertise Is Scarce
Smaller firms are boosting cybersecurity budgets, but there's a long way to go to address a deep lack of cyber preparedness among SMBs.
βΌ CVE-2022-45155 βΌ
π Read
via "National Vulnerability Database".
An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0322 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS.This issue affects UNIS: before 28376.π Read
via "National Vulnerability Database".