๐ด Google 2FA Syncing Feature Could Put Your Privacy at Risk ๐ด
๐ Read
via "Dark Reading".
Researchers find that the encryption of a user's 2FA secrets are stripped after transportation to the cloud.๐ Read
via "Dark Reading".
Dark Reading
Google 2FA Syncing Feature Could Put Your Privacy at Risk
Researchers find that the encryption of a user's 2FA secrets are stripped after transportation to the cloud.
โผ CVE-2022-45876 โผ
๐ Read
via "National Vulnerability Database".
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-1786 โผ
๐ Read
via "National Vulnerability Database".
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27107 โผ
๐ Read
via "National Vulnerability Database".
Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-20853 โผ
๐ Read
via "National Vulnerability Database".
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-24836 โผ
๐ Read
via "National Vulnerability Database".
SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-28697 โผ
๐ Read
via "National Vulnerability Database".
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-47758 โผ
๐ Read
via "National Vulnerability Database".
Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allowing attackers to execute arbitrary code via a DHCP hijacking attack.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26244 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26243 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-20852 โผ
๐ Read
via "National Vulnerability Database".
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26245 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-2297 โผ
๐ Read
via "National Vulnerability Database".
The Profile Builder รขโฌโ User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (wppb_front_end_password_recovery). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-0814, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-22901 โผ
๐ Read
via "National Vulnerability Database".
ChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administratorรขโฌโขs privilege can exploit this vulnerability to access arbitrary system files.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-2323 โผ
๐ Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-28770 โผ
๐ Read
via "National Vulnerability Database".
The sensitive information exposure vulnerability in the CGI รขโฌลExport_Logรขโฌ๏ฟฝ and the binary รขโฌลzcmdรขโฌ๏ฟฝ in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.๐ Read
via "National Vulnerability Database".
๐ข Microsoft links PaperCut server attacks to Cl0p, LockBit ransomware ๐ข
๐ Read
via "ITPro".
Microsoft Threat Intelligence noted attacks were facilitated by GoAnywhere vulnerabilities and the Raspberry Robin worm ๐ Read
via "ITPro".
ITPro
Microsoft links PaperCut server attacks to Cl0p, LockBit ransomware
Microsoft Threat Intelligence noted attacks were facilitated by GoAnywhere vulnerabilities and the Raspberry Robin worm
โผ CVE-2023-1778 โผ
๐ Read
via "National Vulnerability Database".
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems.The vulnerability has been addressed by forcing the user to change their default password to a new non-default password.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-2327 โผ
๐ Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-2328 โผ
๐ Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.๐ Read
via "National Vulnerability Database".
๐ด Tenable Makes Generative AI Security Tools Available to the Research Community ๐ด
๐ Read
via "Dark Reading".
๐ Read
via "Dark Reading".
Dark Reading
Tenable Makes Generative AI Security Tools Available to the Research Community
COLUMBIA, Md. and RSA Conference 2023 (April 27, 2023) โ Tenableยฎ, the Exposure Management company, today published a new report outlining the use of generative AI to build new security research tools. The report, titled โHow Generative AI is Changing Securityโฆ