CVE-2023-27040
via "National Vulnerability Database".
Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the username parameter.
CVE-2023-28104
via "National Vulnerability Database".
`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability.
CVE-2023-28110
via "National Vulnerability Database".
Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Prior to version 2.28.8, using illegal tokens to connect to a Kubernetes cluster through Koko can result in the execution of dangerous commands that may disrupt the Koko container environment and affect normal usage. The vulnerability has been fixed in v2.28.8.
$3B Crypto-Mixer Money Laundering Operation Seized by Cops
via "Dark Reading".
The 'ChipMixer' cryptocurrency service for cybercriminals was shut down by law enforcement, and its alleged operator has been charged.
CVE-2023-0811
via "National Vulnerability Database".
Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.
CVE-2023-1256
via "National Vulnerability Database".
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states.
Rubrik confirms data breach but evades Cl0p ransomware allegations
via "ITPro".
It admitted some data was stolen through the exploitation of a zero day in a third-party platform, but has declined to comment on rumours of Cl0p's involvement
Outlook zero day patch causes headaches for Windows admins
via "ITPro".
The patch comes along with Microsoft's monthly Patch Tuesday updates which fix 83 vulnerabilities and two total zero days
ITPro
Windows admins plagued with issues after installing Outlook zero day patch
Network security musts: The seven point checklist
via "ITPro".
How to acquire and deploy your cloud-based network security solution
Analysing the economic benefits of Trend Micro Vision One
via "ITPro".
Trend Micro Vision One as a solution to cyber risks
A roadmap to Zero Trust with Cloudflare and CrowdStrike
via "ITPro".
Achieve end-to-end protection across endpoints, networks, and applications
Zscaler makes key hire as it looks to revamp its partner programme
via "ITPro".
Former Palo Alto Networks executive Karl Soderlund will work to modernise Zscaler's channel operations
Ring denies ALPHV ransomware attack
via "ITPro".
The ransomware group has claimed to be in possession of stolen Ring data, but provided no evidence
ITPro
Ring: 'No indication of ransomware event' after ALPHV claims attack
Achieving zero trust for corporate networks
via "ITPro".
Zero trust is a new way of thinking about information security
Orange Cyberdefense collaborates with Microsoft to release two new managed services
via "ITPro".
New managed workspace protection and XDR offerings aim to help businesses "stay ahead of threats"
Brand-new Emotet campaign socially engineers its way from detection
via "ITPro".
This latest resurgence follows a three-month hiatus and tricks users into re-enabling dangerous VBA macros
The WFH cyber security checklist
via "ITPro".
Ten ways to win the remote access game with ZTNA
SOC modernisation and the role of XDR
via "ITPro".
Security operations remain challenging
Accelerating your IT transformation
via "ITPro".
How Cloudflare is innovating for CIOs to start 2023
Defending against malware attacks starts here
via "ITPro".
The ultimate guide to building your malware defence strategy