βΌ CVE-2023-23830 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <=Γ 4.5.4 versions.π Read
via "National Vulnerability Database".
π΄ What's the Secret to Finding the Next Big Thing in Cybersecurity? π΄
π Read
via "Dark Reading".
Varun Badhwar, who has brought each of the three startups he founded to the finals of the RSAC Innovation Sandbox, talks about how to see around the corner.π Read
via "Dark Reading".
Dark Reading
What's the Secret to Finding the Next Big Thing in Cybersecurity?
Varun Badhwar, who has brought each of the three startups he founded to the finals of the RSAC Innovation Sandbox, talks about how to see around the corner.
π΄ Court Rejects Merck Insurers' Attempt to Refuse Coverage for NotPetya Damages π΄
π Read
via "Dark Reading".
Insurers unsuccessfully argued Merck's $1.4B in losses following NotPetya cyberattack fell under wartime exclusion. π Read
via "Dark Reading".
Dark Reading
Court Rejects Merck Insurers' Attempt to Refuse Coverage for NotPetya Damages
Insurers unsuccessfully argued Merck's $1.4B in losses following NotPetya cyberattack fell under wartime exclusion.
π1
β Tracked by hidden tags? Apple and Google unite to propose safety and security standardsβ¦ β
π Read
via "Naked Security".
To bleat, or not to bleat, that is the question.π Read
via "Naked Security".
Naked Security
Tracked by hidden tags? Apple and Google unite to propose safety and security standardsβ¦
To bleat, or not to bleat, that is the question.
βΌ CVE-2023-25827 βΌ
π Read
via "National Vulnerability Database".
Due to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25826 βΌ
π Read
via "National Vulnerability Database".
Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation.π Read
via "National Vulnerability Database".
π΄ DNA Sequencing Equipment Vulnerability Adds New Twist to Medical Device Cyber Threats π΄
π Read
via "Dark Reading".
A vulnerability in a DNA sequencer highlights the expanded attack surface area of healthcare organizations but also shows that reporting of medical device vulnerabilities works.π Read
via "Dark Reading".
Dark Reading
DNA Sequencing Equipment Vulnerability Adds New Twist to Medical Device Cyber Threats
A vulnerability in a DNA sequencer highlights the expanded attack surface area of healthcare organizations but also shows that reporting of medical device vulnerabilities works.
π΄ The Daily Number of Human-Driven Cyber Incidents Increased by 1.5 Times in 2022 π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
The Daily Number of Human-Driven Cyber Incidents Increased by 1.5 Times in 2022
Woburn, MA β May 2, 2023 β Research based on the analysis of incidents reported to customers of Kaspersky Managed Detection and Response (MDR) has revealed that Security Operations Center (SOC) analysts discovered more than three high-severity incidents withβ¦
π΄ Google Chrome Drops Browser Lock Icon π΄
π Read
via "Dark Reading".
Chrome 117 will retire the lock icon and replace it with a "tune" icon, reflecting evolving cybersecurity standards. π Read
via "Dark Reading".
Dark Reading
Google Chrome Drops Browser Lock Icon
Chrome 117 will retire the lock icon and replace it with a "tune" icon, reflecting evolving cybersecurity standards.
π΄ Threat Spotlight: Proportion of Malicious HTML Attachments Doubles Within a Year π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Threat Spotlight: Proportion of Malicious HTML Attachments Doubles Within a Year
The security industry has been highlighting the cybercriminal misuse of HTML for years β and evidence suggests it remains a successful and popular attack tool. Last year we reported that around one-in-five (21%) of all HTML attachments scanned by Barracudaβ¦
π΄ Moonsense Raises $4.2M in Seed Funding and Introduces Next-Gen User Behavior and Network Intelligence Solution π΄
π Read
via "Dark Reading".
Hassle-free initial trial, harnesses digital body language and source data for enhanced fraud detection.π Read
via "Dark Reading".
Dark Reading
Moonsense Raises $4.2M in Seed Funding and Introduces Next-Gen User Behavior and Network Intelligence Solution
Hassle-free initial trial, harnesses digital body language and source data for enhanced fraud detection.
βΌ CVE-2023-30205 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in /admin/article.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2069 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30300 βΌ
π Read
via "National Vulnerability Database".
An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1965 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39161 βΌ
π Read
via "National Vulnerability Database".
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1265 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0155 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdownπ Read
via "National Vulnerability Database".
βΌ CVE-2023-24744 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attackers to run arbitrary code via the onload function within the application DOM.π Read
via "National Vulnerability Database".
βΌ CVE-2017-11197 βΌ
π Read
via "National Vulnerability Database".
In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0485 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user role to read project updates by doing a diff with a pre-existing fork.π Read
via "National Vulnerability Database".