βΌ CVE-2023-1384 βΌ
π Read
via "National Vulnerability Database".
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be runThis issue affects:Amazon Fire TV Stick 3rd genΓ versions prior to 6.2.9.5.Insignia TV with FireOSΓ versions prior to 7.6.3.3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1385 βΌ
π Read
via "National Vulnerability Database".
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.This issue affects:Amazon Fire TV Stick 3rd genΓ versions prior to 6.2.9.5.Insignia TV with FireOSΓ 7.6.3.3.π Read
via "National Vulnerability Database".
π΄ Anatomy of a Malicious Package Attack π΄
π Read
via "Dark Reading".
Malicious packages are hard to avoid and hard to detect β unless you know what to look for.π Read
via "Dark Reading".
Dark Reading
Anatomy of a Malicious Package Attack
Malicious packages are hard to avoid and hard to detect β unless you know what to look for.
βΌ CVE-2023-26017 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <=Γ 2.5.10.2 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23875 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin <=Γ 1.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23881 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GreenTreeLabs Circles Gallery plugin <=Γ 1.0.10 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25967 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo plugin <=Γ 6.0.2.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23830 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <=Γ 4.5.4 versions.π Read
via "National Vulnerability Database".
π΄ What's the Secret to Finding the Next Big Thing in Cybersecurity? π΄
π Read
via "Dark Reading".
Varun Badhwar, who has brought each of the three startups he founded to the finals of the RSAC Innovation Sandbox, talks about how to see around the corner.π Read
via "Dark Reading".
Dark Reading
What's the Secret to Finding the Next Big Thing in Cybersecurity?
Varun Badhwar, who has brought each of the three startups he founded to the finals of the RSAC Innovation Sandbox, talks about how to see around the corner.
π΄ Court Rejects Merck Insurers' Attempt to Refuse Coverage for NotPetya Damages π΄
π Read
via "Dark Reading".
Insurers unsuccessfully argued Merck's $1.4B in losses following NotPetya cyberattack fell under wartime exclusion. π Read
via "Dark Reading".
Dark Reading
Court Rejects Merck Insurers' Attempt to Refuse Coverage for NotPetya Damages
Insurers unsuccessfully argued Merck's $1.4B in losses following NotPetya cyberattack fell under wartime exclusion.
π1
β Tracked by hidden tags? Apple and Google unite to propose safety and security standardsβ¦ β
π Read
via "Naked Security".
To bleat, or not to bleat, that is the question.π Read
via "Naked Security".
Naked Security
Tracked by hidden tags? Apple and Google unite to propose safety and security standardsβ¦
To bleat, or not to bleat, that is the question.
βΌ CVE-2023-25827 βΌ
π Read
via "National Vulnerability Database".
Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25826 βΌ
π Read
via "National Vulnerability Database".
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation.π Read
via "National Vulnerability Database".
π΄ DNA Sequencing Equipment Vulnerability Adds New Twist to Medical Device Cyber Threats π΄
π Read
via "Dark Reading".
A vulnerability in a DNA sequencer highlights the expanded attack surface area of healthcare organizations but also shows that reporting of medical device vulnerabilities works.π Read
via "Dark Reading".
Dark Reading
DNA Sequencing Equipment Vulnerability Adds New Twist to Medical Device Cyber Threats
A vulnerability in a DNA sequencer highlights the expanded attack surface area of healthcare organizations but also shows that reporting of medical device vulnerabilities works.
π΄ The Daily Number of Human-Driven Cyber Incidents Increased by 1.5 Times in 2022 π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
The Daily Number of Human-Driven Cyber Incidents Increased by 1.5 Times in 2022
Woburn, MA β May 2, 2023 β Research based on the analysis of incidents reported to customers of Kaspersky Managed Detection and Response (MDR) has revealed that Security Operations Center (SOC) analysts discovered more than three high-severity incidents withβ¦
π΄ Google Chrome Drops Browser Lock Icon π΄
π Read
via "Dark Reading".
Chrome 117 will retire the lock icon and replace it with a "tune" icon, reflecting evolving cybersecurity standards. π Read
via "Dark Reading".
Dark Reading
Google Chrome Drops Browser Lock Icon
Chrome 117 will retire the lock icon and replace it with a "tune" icon, reflecting evolving cybersecurity standards.
π΄ Threat Spotlight: Proportion of Malicious HTML Attachments Doubles Within a Year π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Threat Spotlight: Proportion of Malicious HTML Attachments Doubles Within a Year
The security industry has been highlighting the cybercriminal misuse of HTML for years β and evidence suggests it remains a successful and popular attack tool. Last year we reported that around one-in-five (21%) of all HTML attachments scanned by Barracudaβ¦
π΄ Moonsense Raises $4.2M in Seed Funding and Introduces Next-Gen User Behavior and Network Intelligence Solution π΄
π Read
via "Dark Reading".
Hassle-free initial trial, harnesses digital body language and source data for enhanced fraud detection.π Read
via "Dark Reading".
Dark Reading
Moonsense Raises $4.2M in Seed Funding and Introduces Next-Gen User Behavior and Network Intelligence Solution
Hassle-free initial trial, harnesses digital body language and source data for enhanced fraud detection.
βΌ CVE-2023-30205 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in /admin/article.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2069 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30300 βΌ
π Read
via "National Vulnerability Database".
An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop.π Read
via "National Vulnerability Database".