‼ CVE-2023-26829 ‼
📖 Read
via "National Vulnerability Database".
An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28879 ‼
📖 Read
via "National Vulnerability Database".
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28862 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an AuthBasic session.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26830 ‼
📖 Read
via "National Vulnerability Database".
An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0344 ‼
📖 Read
via "National Vulnerability Database".
Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server.📖 Read
via "National Vulnerability Database".
🕴 Is Decentralized Identity About to Reach an Inflection Point? 🕴
📖 Read
via "Dark Reading".
Decentralized identity products are increasingly projected to be introduced to the market in the next couple of years.📖 Read
via "Dark Reading".
Dark Reading
Is Decentralized Identity About to Reach an Inflection Point?
Decentralized identity products are increasingly projected to be introduced to the market in the next couple of years.
♟️ German Police Raid DDoS-Friendly Host ‘FlyHosting’ ♟️
📖 Read
via "Krebs on Security".
Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web service that catered to cybercriminals operating DDoS-for-hire services. Fly Hosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure.📖 Read
via "Krebs on Security".
Krebs on Security
German Police Raid DDoS-Friendly Host ‘FlyHosting’
Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web service that catered to cybercriminals operating DDoS-for-hire services. Fly Hosting first advertised on cybercrime forums in November 2022, saying it was a Germany…
🕴 Adaptive Access Technologies Gaining Traction for Security, Agility 🕴
📖 Read
via "Dark Reading".
With companies pushing to adopt Zero Trust frameworks, adaptive authentication and access — once languishing — looks finally ready to move out of the doldrums.📖 Read
via "Dark Reading".
Dark Reading
Adaptive Access Technologies Gaining Traction for Security, Agility
With companies pushing to adopt zero-trust frameworks, adaptive authentication and access — once languishing — looks finally ready to move out of the doldrums.
📢 Okta launches new partner programme to capture $80b identity market 📢
📖 Read
via "ITPro".
Revamped initiative introduces a new tiering system and badging model to showcase partner capabilities📖 Read
via "ITPro".
ITPro
Okta launches new partner programme to capture $80b identity market
Revamped initiative introduces a new tiering system and badging model to showcase partner capabilities
📢 3CX CEO confirms supply chain malware attack 📢
📖 Read
via "ITPro".
The VoIP company has confirmed that its desktop app has been infected with malware and urged customers to uninstall it until the new version is released📖 Read
via "ITPro".
ITPro
3CX CEO suggests state-sponsored hackers behind supply chain malware attack
The VoIP company has confirmed that its desktop app has been infected with malware and urged customers to uninstall it until the new version is released
👍1
📢 How Intel's FaceCatcher hopes to eradicate real-time deepfakes 📢
📖 Read
via "ITPro".
The company’s ‘blood flow’ breakthrough could banish deepfakes to history📖 Read
via "ITPro".
ITPro
How Intel's FaceCatcher hopes to eradicate real-time deepfakes
The company’s ‘blood flow’ breakthrough could banish deepfakes to history
📢 Multi-cloud ‘over-permissioning’ causing cyber risk headaches for businesses 📢
📖 Read
via "ITPro".
With multi-cloud environments expanding, businesses are creating too many unused identities that can be abused📖 Read
via "ITPro".
Cloud Pro
Multi-cloud ‘over-permissioning’ causing cyber risk headaches for businesses
With multi-cloud environments expanding, businesses are creating too many unused identities that can be abused
📢 Microsoft Security Copilot could be a seismic success for the tech industry 📢
📖 Read
via "ITPro".
The tool has been greeted with overwhelming excitement from security professionals and stands to change the lives of threat analysts forever📖 Read
via "ITPro".
ITPro
Microsoft Security Copilot could be a seismic success for the tech industry
The tool has been greeted with overwhelming excitement from security professionals and stands to change the lives of threat analysts forever
📢 Climb Channel Solutions bags UK double deal with Malwarebytes and Invicti 📢
📖 Read
via "ITPro".
The speciality IT distributor’s UK&I portfolio now includes Invicti’s AppSec solutions and Malwarebytes’ full business offering📖 Read
via "ITPro".
channelpro
Climb Channel Solutions bags UK double deal with Malwarebytes and Invicti
The speciality IT distributor’s UK&I portfolio now includes Invicti’s AppSec solutions and Malwarebytes’ full business offering
‼ CVE-2023-29140 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28843 ‼
📖 Read
via "National Vulnerability Database".
PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data, and potentially affect system availability. The cause of this issue is that SQL queries were being constructed with user input which had not been properly filtered. Only deployments on PrestaShop 1.6 are affected. Users are advised to upgrade to module version 3.16.4. There are no known workarounds for this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27160 ‼
📖 Read
via "National Vulnerability Database".
forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29137 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27159 ‼
📖 Read
via "National Vulnerability Database".
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26925 ‼
📖 Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29141 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.📖 Read
via "National Vulnerability Database".