βΌ CVE-2023-27984 βΌ
π Read
via "National Vulnerability Database".
A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).π Read
via "National Vulnerability Database".
βΌ CVE-2023-27981 βΌ
π Read
via "National Vulnerability Database".
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).π Read
via "National Vulnerability Database".
π’ Bitwarden to release fix for four-year-old vulnerability π’
π Read
via "ITPro".
The password manager knew about the issue since 2018, exploits for which were highlighted in a Flashpoint report earlier in Marchπ Read
via "ITPro".
ITPro
Bitwarden to release fix for four-year-old vulnerability
The password manager knew about the issue since 2018, exploits for which were highlighted in a Flashpoint report earlier in March
π’ Podcast transcript: The changing face of cyber warfare π’
π Read
via "ITPro".
Read the full transcript for this episode of ITPro Podcastπ Read
via "ITPro".
ITPro
Podcast transcript: The changing face of cyber warfare
Read the full transcript for this episode of ITPro Podcast
π’ ITPro Podcast: The changing face of cyber warfare π’
π Read
via "ITPro".
Russian-sponsored cyber attacks may not have had the feared impact, but for Europe theyβre here to stayπ Read
via "ITPro".
ITPro
ITPro Podcast: The changing face of cyber warfare
Russian-sponsored cyber attacks may not have had the feared impact, but for Europe theyβre here to stay
π’ Latitude hack leaves customers unable to protect their accounts π’
π Read
via "ITPro".
The cyber attack has affected around 330,000 customers, although the company has said this is likely to increaseπ Read
via "ITPro".
ITPro
Latitude hack now under state investigation as customers struggle to protect their accounts
The cyber attack has affected around 330,000 customers, although the company has said this is likely to increase
π’ Hacker who ran BreachForums could face 20 years in prison π’
π Read
via "ITPro".
The hacker behind BreachForums is thought to have been involved in a string of cyber attacksπ Read
via "ITPro".
ITPro
Hacker who ran BreachForums could face 20 years in prison
The hacker behind BreachForums is thought to have been involved in a string of cyber attacks
π1
π’ Free decryptor released for Conti ransomware variant infecting hundreds of organisations π’
π Read
via "ITPro".
Hundreds of organisations and state institutions are believed to have been impacted by the strainπ Read
via "ITPro".
ITPro
Free decryptor released for Conti ransomware variant infecting hundreds of organisations
Hundreds of organisations and state institutions are believed to have been impacted by the strain
π΄ Controlling Third-Party Data Risk Should Be a Top Cybersecurity Priority π΄
π Read
via "Dark Reading".
Third-party breaches have a wide effect that legacy security practices can no longer detect.π Read
via "Dark Reading".
Dark Reading
Controlling Third-Party Data Risk Should Be a Top Cybersecurity Priority
Third-party breaches have a wide effect that legacy security practices can no longer detect.
βΌ CVE-2023-1153 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Pacsrapor: before 1.22.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27979 βΌ
π Read
via "National Vulnerability Database".
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).π Read
via "National Vulnerability Database".
βΌ CVE-2023-1314 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been discovered in cloudflared's installer (<= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied on a world-writable directory. An attacker with local access to the device (without Administrator rights) can use symbolic links to trick the MSI installer into deleting files in locations that the attacker would otherwise have no access to. By creating a symlink from the world-writable directory to the target file, the attacker can manipulate the MSI installer's repair functionality to delete the target file during the repair process. Exploitation of this vulnerability could allow an attacker to delete important system files or replace them with malicious files, potentially leading to the affected device being compromised. The cloudflared client itself is not affected by this vulnerability, only the installer for 32-bit Windows devices.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27977 βΌ
π Read
via "National Vulnerability Database".
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).π Read
via "National Vulnerability Database".
βΌ CVE-2022-42332 βΌ
π Read
via "National Vulnerability Database".
x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests, Xen additionally runs them in so called log-dirty mode. The data structures needed by the log-dirty tracking are part of aformentioned auxiliary data. In order to keep error handling efforts within reasonable bounds, for operations which may require memory allocations shadow mode logic ensures up front that enough memory is available for the worst case requirements. Unfortunately, while page table memory is properly accounted for on the code path requiring the potential establishing of new shadows, demands by the log-dirty infrastructure were not taken into consideration. As a result, just established shadow page tables could be freed again immediately, while other code is still accessing them on the assumption that they would remain allocated.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42331 βΌ
π Read
via "National Vulnerability Database".
x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variety of speculative attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42334 βΌ
π Read
via "National Vulnerability Database".
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334).π Read
via "National Vulnerability Database".
βΌ CVE-2023-1154 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pacsrapor allows Reflected XSS.This issue affects Pacsrapor: before 1.22.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42333 βΌ
π Read
via "National Vulnerability Database".
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334).π Read
via "National Vulnerability Database".
βΌ CVE-2023-27874 βΌ
π Read
via "National Vulnerability Database".
IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25689 βΌ
π Read
via "National Vulnerability Database".
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247618.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27873 βΌ
π Read
via "National Vulnerability Database".
IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654.π Read
via "National Vulnerability Database".