β Patch Tuesday: Microsoft fixes a zero-day, and two curious bugs that take the Secure out of Secure Boot β
π Read
via "Naked Security".
Is Secure Boot without the Secure just "Boot"?π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2023-29597 βΌ
π Read
via "National Vulnerability Database".
bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29598 βΌ
π Read
via "National Vulnerability Database".
lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability via the setbook parameter at index.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27812 βΌ
π Read
via "National Vulnerability Database".
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.π Read
via "National Vulnerability Database".
π΄ The Internet Reform Trilemma π΄
π Read
via "Dark Reading".
An "open" Internet faces challenges from autocratic governance models. Policymakers should instead think about creating an Internet that's equitable, inclusive, and secure.π Read
via "Dark Reading".
Dark Reading
The Internet Reform Trilemma
An "open" Internet faces challenges from autocratic governance models. Policymakers should instead think about creating an Internet that's equitable, inclusive, and secure.
β S3 Ep130: Open the garage bay doors, HAL [Audio + Text] β
π Read
via "Naked Security".
I'm sorry, Dave. I'm afraid I can't... errr, no, hang on a minute, I can do that easily! Worldwide! Right now!π Read
via "Naked Security".
Naked Security
S3 Ep130: Open the garage bay doors, HAL [Audio + Text]
Iβm sorry, Dave. Iβm afraid I canβtβ¦ errr, no, hang on a minute, I can do that easily! Worldwide! Right now!
βΌ CVE-2023-27779 βΌ
π Read
via "National Vulnerability Database".
AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter in the login form.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30630 βΌ
π Read
via "National Vulnerability Database".
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.π Read
via "National Vulnerability Database".
π’ Best practices for Microsoft 365 business continuity π’
π Read
via "ITPro".
Discover how to mitigate the effects of large-scale, high-cost data loss disastersπ Read
via "ITPro".
ITPro
Best practices for Microsoft 365 business continuity
Discover how to mitigate the effects of large-scale, high-cost data loss disasters
π’ Best practices for Google Workspace business continuity π’
π Read
via "ITPro".
Introducing a new model of business continuity that is focused on security and data protectionπ Read
via "ITPro".
ITPro
Best practices for Google Workspace business continuity
Introducing a new model of business continuity that is focused on security and data protection
π΄ Why the US Needs Quantum-Safe Cryptography Deployed Now π΄
π Read
via "Dark Reading".
Quantum computers might be a decade away, but guess how long it will take to switch systems over to post-quantum cryptography?π Read
via "Dark Reading".
Dark Reading
Why the US Needs Quantum-Safe Cryptography Deployed Now
Quantum computers might be a decade away, but guess how long it will take to switch systems over to post-quantum cryptography?
π΄ Money Ransomware Group Enters Double-Extortion Fray π΄
π Read
via "Dark Reading".
Ransomware group uses API calls to spread throughout shared network resources, researchers say.π Read
via "Dark Reading".
Dark Reading
Money Ransomware Group Enters Double-Extortion Fray
Ransomware group uses API calls to spread throughout shared network resources, researchers say.
π΄ Remcos RAT Targets Tax Pros to Scurry Off With Workers' Filing Info π΄
π Read
via "Dark Reading".
Something exciting to liven up tax season: cybercriminals accessing sensitive personal information for individuals through the army of accountants preparing for Tax Day in the US.π Read
via "Dark Reading".
Dark Reading
Remcos RAT Targets Tax Pros to Scurry Off With Workers' Filing Info
Something exciting to liven up tax season: cybercriminals accessing sensitive personal information for individuals through the army of accountants preparing for Tax Day in the US.
βΌ CVE-2023-26412 βΌ
π Read
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27748 βΌ
π Read
via "National Vulnerability Database".
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26410 βΌ
π Read
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20866 βΌ
π Read
via "National Vulnerability Database".
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27667 βΌ
π Read
via "National Vulnerability Database".
Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27747 βΌ
π Read
via "National Vulnerability Database".
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26414 βΌ
π Read
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1271 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** Duplicate. Please use CVE-2023-24421.π Read
via "National Vulnerability Database".