How to Prevent 2 Common Attacks on MFA
MFA isn't immune from the tug of war between attackers and defenders.
Read via "Dark Reading".
CVE-2023-27777
A cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL.
Read via "National Vulnerability Database".
CVE-2023-30463
Altran picoTCP through 1.7.0 allows memory corruption (and subsequent denial of service) because of an integer overflow in pico_ipv6_alloc when processing large ICMPv6 packets. This affects installations with Ethernet support in which a packet size greater than 65495 may occur.
Read via "National Vulnerability Database".
CVE-2022-38125
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
Read via "National Vulnerability Database".
CVE-2023-26599
XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link.
Read via "National Vulnerability Database".
CVE-2023-29921
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface.
Read via "National Vulnerability Database".
CVE-2023-0317
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information.
Read via "National Vulnerability Database".
CVE-2023-27776
A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter.
Read via "National Vulnerability Database".
CVE-2023-25759
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.
Read via "National Vulnerability Database".
CVE-2023-22645
An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller. This issue affects SUSE kubewarden kubewarden-controller versions prior to 1.6.0.
Read via "National Vulnerability Database".
CVE-2022-4308
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.
Read via "National Vulnerability Database".
CVE-2023-25760
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows an authenticated user to modify other users' passwords via a crafted request payload.
Read via "National Vulnerability Database".
3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022
Attackers continued to favor software exploits, phishing, and stolen credentials as initial-access methods last year, as Log4j and the Russia-Ukraine cyber conflict changed the threat landscape.
Read via "Dark Reading".
Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones
Unsophisticated attackers can pinpoint where a person lives by lifting metadata from Strava and other apps, even if they're using a feature specifically aimed at protecting their location information.
Read via "Dark Reading".
"Full speed ahead" mentality in cloud native space causing security headaches
Red Hat says the rapid development of cloud native technologies means that security issues could go unnoticed.
Read via "ITPro".
CVE-2023-29923
PowerJob V4.3.1 is vulnerable to Insecure Permissions via the list job interface.
Read via "National Vulnerability Database".
CVE-2023-29586
Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control.
Read via "National Vulnerability Database".
CVE-2023-30612
Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process by sending a malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily crashed, causing Denial-of-Service (DoS). This can also be a potential Use-After-Free (UAF) vulnerability. Users need write access to the API socket file to trigger this vulnerability. Impacted versions of Cloud Hypervisor include the upstream main branch, v31.0, and v30.0. The vulnerability was initially detected by the project's `http_api_fuzzer` via oss-fuzz. This issue has been addressed in versions 30.1 and 31.1. Users unable to upgrade may mitigate this issue by ensuring that write access to the API socket file is granted to trusted users only.
Read via "National Vulnerability Database".
CVE-2023-1900
A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap and lead to a denial-of-service situation. The issue was fixed with Endpointprotection.exe version 1.0.2303.633.
Read via "National Vulnerability Database".
CVE-2023-30614
Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions prior to 6.3.2, a payments info page of Pay is susceptible to reflected cross-site scripting. An attacker could create a working URL that renders a JavaScript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If the targeted application contains functionality to submit user-generated content (such as comments), the attacker could even distribute the URL using that functionality. This has been patched in version 6.3.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Read via "National Vulnerability Database".
CVE-2023-1587
Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via the RPC interface. The issue was fixed with Avast and AVG Antivirus version 22.11.
Read via "National Vulnerability Database".