βΌ CVE-2023-28613 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. An integer overflow in IPv4 fragment handling can occur due to insufficient parameter validation when reassembling these fragments.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1751 βΌ
π Read
via "National Vulnerability Database".
The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which leak a deviceId.π Read
via "National Vulnerability Database".
π΄ Mysterious 'Rorschach' Ransomware Doubles Known Encryption Speeds π΄
π Read
via "Dark Reading".
The malware is one of the most sophisticated ransomwares ever seen in the wild, and marks a leap ahead for cybercrime.π Read
via "Dark Reading".
Dark Reading
Mysterious 'Rorschach' Ransomware Doubles Known Encryption Speeds
The malware is one of the most sophisticated ransomwares ever seen in the wild, and marks a leap ahead for cybercrime.
βΌ CVE-2023-27491 βΌ
π Read
via "National Vulnerability Database".
Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27089 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of service via a crafted payload in the login parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27492 βΌ
π Read
via "National Vulnerability Database".
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes. As of versions versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy no longer invokes the Lua coroutine if the filter has been reset. As a workaround for those whose Lua filter is buffering all requests/ responses, mitigate by using the buffer filter to avoid triggering the local reply in the Lua filter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27091 βΌ
π Read
via "National Vulnerability Database".
An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s).π Read
via "National Vulnerability Database".
βΌ CVE-2023-27488 βΌ
π Read
via "National Vulnerability Database".
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service. When Envoy was configured to use ext_authz, ext_proc, tap, ratelimit filters, and grpc access log service and an http header with non-UTF-8 data was received, Envoy would generate an invalid protobuf message and send it to the configured service. The receiving service would typically generate an error when decoding the protobuf message. For ext_authz that was configured with ``failure_mode_allow: true``, the request would have been allowed in this case. For the other services, this could have resulted in other unforeseen errors such as a lack of visibility into requests. As of versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy by default sanitizes the values sent in gRPC service calls to be valid UTF-8, replacing data that is not valid UTF-8 with a `!` character. This behavioral change can be temporarily reverted by setting runtime guard `envoy.reloadable_features.service_sanitize_non_utf8_strings` to false. As a workaround, one may set `failure_mode_allow: false` for `ext_authz`.π Read
via "National Vulnerability Database".
βοΈ FBI Seizes Bot Shop βGenesis Marketβ Amid Arrests Targeting Operators, Suppliers βοΈ
π Read
via "Krebs on Security".
Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnsecurity the domain seizures coincided with "dozens" of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data.π Read
via "Krebs on Security".
Krebs on Security
FBI Seizes Bot Shop βGenesis Marketβ Amid Arrests Targeting Operators, Suppliers
Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sourcesβ¦
π±1
π΄ eFile Tax Return Software Found Serving Up Malware π΄
π Read
via "Dark Reading".
In the height of tax-return season, a popular tax prep software service leaves a malicious JavaScript file online for weeks.π Read
via "Dark Reading".
Dark Reading
eFile Tax Return Software Found Serving Up Malware
In the height of tax-return season, a popular tax prep software service leaves a malicious JavaScript file online for weeks.
π΄ Law Firm for Uber Loses Drivers' Data to Hackers in Yet Another Breach π΄
π Read
via "Dark Reading".
Uber gave sensitive data on drivers to a law firm representing the company in legal actions, but the data appears to not have had adequate security protections.π Read
via "Dark Reading".
Dark Reading
Law Firm for Uber Loses Drivers' Data to Hackers in Yet Another Breach
Uber gave sensitive data on drivers to a law firm representing the company in legal actions, but the data appears to not have had adequate security protections.
βΌ CVE-2023-1840 βΌ
π Read
via "National Vulnerability Database".
The Sp*tify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27493 βΌ
π Read
via "National Vulnerability Database".
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of EnvoyΓ’β¬β’s security policy. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. As a workaround, disable adding request headers based on the downstream request properties, such as downstream certificate properties.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27496 βΌ
π Read
via "National Vulnerability Database".
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script).π Read
via "National Vulnerability Database".
π΄ Industrial Defender Launches Phoenix: OT Visibility & Security Solution for Small to Midsized Operations π΄
π Read
via "Dark Reading".
Phoenix addresses the critical need for smaller operators to secure their operations with an easy-to-use and cost-effective OT security solution.π Read
via "Dark Reading".
Dark Reading
Industrial Defender Launches Phoenix: OT Visibility & Security Solution for Small to Midsized Operations
Phoenix addresses the critical need for smaller operators to secure their operations with an easy-to-use and cost-effective OT security solution.
π΄ Cybereason Secures $100M in Funding Led by SoftBank Corp. π΄
π Read
via "Dark Reading".
Cybereason announces additional funding led by Softbank Corp.π Read
via "Dark Reading".
Dark Reading
Cybereason Secures $100M in Funding Led by SoftBank Corp.
Cybereason announces additional funding led by Softbank Corp.
π΄ CardinalOps Launches MITRE ATT&CK Security Layers for Measuring Detection Posture π΄
π Read
via "Dark Reading".
Enables enterprises to operationalize MITRE ATT&CK and build a multi-layered, threat-informed defense to eliminate gaps based on organizational risk and priorities.π Read
via "Dark Reading".
Dark Reading
CardinalOps Launches MITRE ATT&CK Security Layers for Measuring Detection Posture
Enables enterprises to operationalize MITRE ATT&CK and build a multi-layered, threat-informed defense to eliminate gaps based on organizational risk and priorities.
π΄ F5 Safeguards Digital Services With New AI-Powered App and API Security Capabilities π΄
π Read
via "Dark Reading".
Enhanced API defenses, granular machine learning capabilities, and new managed service offerings provide comprehensive protection across distributed environments.π Read
via "Dark Reading".
Dark Reading
F5 Safeguards Digital Services With New AI-Powered App and API Security Capabilities
Enhanced API defenses, granular machine learning capabilities, and new managed service offerings provide comprehensive protection across distributed environments.
β€2
βΌ CVE-2023-0382 βΌ
π Read
via "National Vulnerability Database".
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1847 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Payroll System 1.0 and classified as critical. This issue affects some unknown processing of the file attendance.php. The manipulation of the argument employee leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224987.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1853 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Payroll System 1.0. This issue affects some unknown processing of the file /admin/employee_edit.php. The manipulation of the argument of leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224993 was assigned to this vulnerability.π Read
via "National Vulnerability Database".