CVE-2022-45064
via "National Vulnerability Database".
The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API, resulting in a generic type of include-based cross-site scripting issue at the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with a specific content type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power. Please update to Apache Sling Engine >= 2.14.0 and enable the "Check Content-Type overrides" configuration option.
Google Tackles Open Source Security With New Dependency Service
via "Dark Reading".
With the deps.dev API and Assured OSS, Google is addressing the common challenges software developers face in securing the software supply chain.
How to Define Tier-Zero Assets in Active Directory Security
via "Dark Reading".
There are plenty of AD objects and groups that should be considered tier zero in every environment, but some will vary among organizations.
CVE-2022-45358
via "National Vulnerability Database".
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions.
CVE-2023-2021
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3.
CVE-2022-44625
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Zephilou Cyklodev WP Notify plugin <= 1.2.1 versions.
The 'cyber aSaaSin' manual
via "ITPro".
Providing valuable insights to identify SaaS data enemies and win the battle against SaaS data threats.
The complete SaaS backup buyer's guide
via "ITPro".
Informing you about the realities of SaaS data protection and why a SaaS backup is essential.
Legion Malware Marches onto Web Servers to Steal Credentials, Spam Mobile Users
via "Dark Reading".
A novel credential harvester compromises SMTP services to steal data from a range of hosted services and providers, and can also launch SMS-based spam attacks against devices using US mobile carriers.
Majority of US IT Pros Told to Keep Quiet About Data Breaches
via "Dark Reading".
To report or not report? While more than half of all companies have suffered a data breach, 71% of IT professionals say they have been told not to report an incident, which could mean legal jeopardy.
Wireshark Analyzer 4.0.5
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
Faraday 4.3.5
via "Packet Storm Security".
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the data generated during a security audit. The main purpose of Faraday is to re-use the tools available in the community and take advantage of them in a multiuser way.
Best practices for Microsoft 365 business continuity
via "ITPro".
Discover how to mitigate the effects of large-scale, high-cost data loss disasters.
Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot
via "Naked Security".
Is Secure Boot without the Secure just "Boot"?
CVE-2023-29597
via "National Vulnerability Database".
bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1.
CVE-2023-29598
via "National Vulnerability Database".
lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability via the setbook parameter at index.php.
CVE-2023-27812
via "National Vulnerability Database".
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.
The Internet Reform Trilemma
via "Dark Reading".
An "open" Internet faces challenges from autocratic governance models. Policymakers should instead think about creating an Internet that's equitable, inclusive, and secure.
S3 Ep130: Open the garage bay doors, HAL [Audio + Text]
via "Naked Security".
I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!
CVE-2023-27779
via "National Vulnerability Database".
AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter in the login form.
CVE-2023-30630
via "National Vulnerability Database".
Dmidecode before 3.5 allows --dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.