βΌ CVE-2023-27488 βΌ
π Read
via "National Vulnerability Database".
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service. When Envoy was configured to use ext_authz, ext_proc, tap, ratelimit filters, and grpc access log service and an http header with non-UTF-8 data was received, Envoy would generate an invalid protobuf message and send it to the configured service. The receiving service would typically generate an error when decoding the protobuf message. For ext_authz that was configured with ``failure_mode_allow: true``, the request would have been allowed in this case. For the other services, this could have resulted in other unforeseen errors such as a lack of visibility into requests. As of versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy by default sanitizes the values sent in gRPC service calls to be valid UTF-8, replacing data that is not valid UTF-8 with a `!` character. This behavioral change can be temporarily reverted by setting runtime guard `envoy.reloadable_features.service_sanitize_non_utf8_strings` to false. As a workaround, one may set `failure_mode_allow: false` for `ext_authz`.π Read
via "National Vulnerability Database".
βοΈ FBI Seizes Bot Shop βGenesis Marketβ Amid Arrests Targeting Operators, Suppliers βοΈ
π Read
via "Krebs on Security".
Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnsecurity the domain seizures coincided with "dozens" of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data.π Read
via "Krebs on Security".
Krebs on Security
FBI Seizes Bot Shop βGenesis Marketβ Amid Arrests Targeting Operators, Suppliers
Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sourcesβ¦
π±1
π΄ eFile Tax Return Software Found Serving Up Malware π΄
π Read
via "Dark Reading".
In the height of tax-return season, a popular tax prep software service leaves a malicious JavaScript file online for weeks.π Read
via "Dark Reading".
Dark Reading
eFile Tax Return Software Found Serving Up Malware
In the height of tax-return season, a popular tax prep software service leaves a malicious JavaScript file online for weeks.
π΄ Law Firm for Uber Loses Drivers' Data to Hackers in Yet Another Breach π΄
π Read
via "Dark Reading".
Uber gave sensitive data on drivers to a law firm representing the company in legal actions, but the data appears to not have had adequate security protections.π Read
via "Dark Reading".
Dark Reading
Law Firm for Uber Loses Drivers' Data to Hackers in Yet Another Breach
Uber gave sensitive data on drivers to a law firm representing the company in legal actions, but the data appears to not have had adequate security protections.
βΌ CVE-2023-1840 βΌ
π Read
via "National Vulnerability Database".
The Sp*tify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27493 βΌ
π Read
via "National Vulnerability Database".
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of EnvoyΓ’β¬β’s security policy. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. As a workaround, disable adding request headers based on the downstream request properties, such as downstream certificate properties.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27496 βΌ
π Read
via "National Vulnerability Database".
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script).π Read
via "National Vulnerability Database".
π΄ Industrial Defender Launches Phoenix: OT Visibility & Security Solution for Small to Midsized Operations π΄
π Read
via "Dark Reading".
Phoenix addresses the critical need for smaller operators to secure their operations with an easy-to-use and cost-effective OT security solution.π Read
via "Dark Reading".
Dark Reading
Industrial Defender Launches Phoenix: OT Visibility & Security Solution for Small to Midsized Operations
Phoenix addresses the critical need for smaller operators to secure their operations with an easy-to-use and cost-effective OT security solution.
π΄ Cybereason Secures $100M in Funding Led by SoftBank Corp. π΄
π Read
via "Dark Reading".
Cybereason announces additional funding led by Softbank Corp.π Read
via "Dark Reading".
Dark Reading
Cybereason Secures $100M in Funding Led by SoftBank Corp.
Cybereason announces additional funding led by Softbank Corp.
π΄ CardinalOps Launches MITRE ATT&CK Security Layers for Measuring Detection Posture π΄
π Read
via "Dark Reading".
Enables enterprises to operationalize MITRE ATT&CK and build a multi-layered, threat-informed defense to eliminate gaps based on organizational risk and priorities.π Read
via "Dark Reading".
Dark Reading
CardinalOps Launches MITRE ATT&CK Security Layers for Measuring Detection Posture
Enables enterprises to operationalize MITRE ATT&CK and build a multi-layered, threat-informed defense to eliminate gaps based on organizational risk and priorities.
π΄ F5 Safeguards Digital Services With New AI-Powered App and API Security Capabilities π΄
π Read
via "Dark Reading".
Enhanced API defenses, granular machine learning capabilities, and new managed service offerings provide comprehensive protection across distributed environments.π Read
via "Dark Reading".
Dark Reading
F5 Safeguards Digital Services With New AI-Powered App and API Security Capabilities
Enhanced API defenses, granular machine learning capabilities, and new managed service offerings provide comprehensive protection across distributed environments.
β€2
βΌ CVE-2023-0382 βΌ
π Read
via "National Vulnerability Database".
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1847 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Payroll System 1.0 and classified as critical. This issue affects some unknown processing of the file attendance.php. The manipulation of the argument employee leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224987.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1853 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Payroll System 1.0. This issue affects some unknown processing of the file /admin/employee_edit.php. The manipulation of the argument of leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224993 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1846 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Online Payroll System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/deduction_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224986 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1850 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224990 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1856 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/transactions/track_shipment.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224995.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1860 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has been declared as problematic. This vulnerability affects unknown code of the file /licenses. The manipulation of the argument view with the input teste"><script>alert(%27c4ng4c3ir0%27)</script> leads to cross site scripting. The attack can be initiated remotely. VDB-224998 is the identifier assigned to this vulnerability. NOTE: Vendor did not respond if and how they may handle this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1857 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=product/manage_product&id=2. The manipulation of the argument Product Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224996.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1851 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_add.php. The manipulation of the argument of leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224991.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1849 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cashadvance_row.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224989 was assigned to this vulnerability.π Read
via "National Vulnerability Database".