🛡 Cybersecurity & Privacy 🛡 - News

Adaptive Access Technologies Gaining Traction for Security, Agility

With companies pushing to adopt zero-trust frameworks, adaptive authentication and access — once languishing — looks finally ready to move out of the doldrums.

280 views19:30

📢 Okta launches new partner programme to capture $80b identity market 📢

Revamped initiative introduces a new tiering system and badging model to showcase partner capabilities

📖 Read

via "ITPro".

Okta launches new partner programme to capture $80b identity market

Revamped initiative introduces a new tiering system and badging model to showcase partner capabilities

245 views19:51

📢 3CX CEO confirms supply chain malware attack 📢

The VoIP company has confirmed that its desktop app has been infected with malware and urged customers to uninstall it until the new version is released

📖 Read

via "ITPro".

3CX CEO suggests state-sponsored hackers behind supply chain malware attack

The VoIP company has confirmed that its desktop app has been infected with malware and urged customers to uninstall it until the new version is released

👍1

225 views19:51

📢 How Intel's FaceCatcher hopes to eradicate real-time deepfakes 📢

The company’s ‘blood flow’ breakthrough could banish deepfakes to history

📖 Read

via "ITPro".

How Intel's FaceCatcher hopes to eradicate real-time deepfakes

The company’s ‘blood flow’ breakthrough could banish deepfakes to history

202 views19:51

Multi-cloud ‘over-permissioning’ causing cyber risk headaches for businesses

📢 Multi-cloud ‘over-permissioning’ causing cyber risk headaches for businesses 📢

With multi-cloud environments expanding, businesses are creating too many unused identities that can be abused

📖 Read

via "ITPro".

Cloud Pro

With multi-cloud environments expanding, businesses are creating too many unused identities that can be abused

212 views19:51

📢 Microsoft Security Copilot could be a seismic success for the tech industry 📢

The tool has been greeted with overwhelming excitement from security professionals and stands to change the lives of threat analysts forever

📖 Read

via "ITPro".

Microsoft Security Copilot could be a seismic success for the tech industry

The tool has been greeted with overwhelming excitement from security professionals and stands to change the lives of threat analysts forever

230 views19:51

Climb Channel Solutions bags UK double deal with Malwarebytes and Invicti

📢 Climb Channel Solutions bags UK double deal with Malwarebytes and Invicti 📢

The speciality IT distributor’s UK&I portfolio now includes Invicti’s AppSec solutions and Malwarebytes’ full business offering

📖 Read

via "ITPro".

channelpro

The speciality IT distributor’s UK&I portfolio now includes Invicti’s AppSec solutions and Malwarebytes’ full business offering

235 views19:57

‼ CVE-2023-29140 ‼

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.

📖 Read

via "National Vulnerability Database".

210 views20:22

‼ CVE-2023-28843 ‼

PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data, and potentially affect system availability. The cause of this issue is that SQL queries were being constructed with user input which had not been properly filtered. Only deployments on PrestaShop 1.6 are affected. Users are advised to upgrade to module version 3.16.4. There are no known workarounds for this vulnerability.

📖 Read

via "National Vulnerability Database".

212 views20:22

‼ CVE-2023-27160 ‼

forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.

📖 Read

via "National Vulnerability Database".

197 views20:22

‼ CVE-2023-29137 ‼

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.

📖 Read

via "National Vulnerability Database".

203 views20:22

‼ CVE-2023-27159 ‼

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.

📖 Read

via "National Vulnerability Database".

209 views20:22

‼ CVE-2023-26925 ‼

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information.

📖 Read

via "National Vulnerability Database".

211 views20:22

‼ CVE-2023-29141 ‼

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

📖 Read

via "National Vulnerability Database".

228 views20:22

‼ CVE-2023-29139 ‼

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout).

📖 Read

via "National Vulnerability Database".

246 views20:22

‼ CVE-2023-23594 ‼

An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724_r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes.

📖 Read

via "National Vulnerability Database".

284 views20:22

🕴 Pro-Islam 'Anonymous Sudan' Hacktivists Likely a Front for Russia's Killnet Operation 🕴

"Anonymous Sudan" has been claiming that its DDoS attacks are in retaliation for anti-Islamic activities, but at least one security vendor is suspicious about its true motives.

📖 Read

via "Dark Reading".

Pro-Islam 'Anonymous Sudan' Hacktivists Likely a Front for Russia's Killnet Operation

"Anonymous Sudan" has been claiming that its DDoS attacks are in retaliation for anti-Islamic activities, but at least one security vendor is suspicious about its true motives.

298 views21:30

🕴 Mimecast Report Reveals Nearly 60% of Companies in UAE and Saudi Arabia Need to Increase Cybersecurity Spending 🕴

The State of Email Security Report reveals cyber risk commands the C-suite's focus.

📖 Read

via "Dark Reading".

Mimecast Report Reveals Nearly 60% of Companies in UAE and Saudi Arabia Need to Increase Cybersecurity Spending

The State of Email Security Report reveals cyber risk commands the C-suite's focus.

296 views21:30

🕴 Elastic Expands Cloud Security Capabilities for AWS 🕴

Launching CSPM, container workload security, and cloud vulnerability management to modernize cloud security operations.

📖 Read

via "Dark Reading".

Elastic Expands Cloud Security Capabilities for AWS

Launching CSPM, container workload security, and cloud vulnerability management to modernize cloud security operations.

278 views22:00

🕴 The FDA's Medical Device Cybersecurity Overhaul Has Real Teeth, Experts Say 🕴

The physical and cyber safety issues surrounding medical devices like IV pumps is finally being meaningfully addressed by a new policy taking effect this week.

📖 Read

via "Dark Reading".

The FDA's Medical Device Cybersecurity Overhaul Has Real Teeth, Experts Say

The physical and cyber safety issues surrounding medical devices like IV pumps is finally being meaningfully addressed by a new policy taking effect this week.

276 views22:00