π΄ How Public-Private Information Sharing Can Level the Cybersecurity Playing Field π΄
π Read
via "Dark Reading".
Sharing information is critical to help organizations protect data and systems. To be even more effective, collaboration should be inclusive β vendors, researchers, and private companies large and small.π Read
via "Dark Reading".
Dark Reading
How Public-Private Information Sharing Can Level the Cybersecurity Playing Field
Sharing information is critical to help organizations protect data and systems. To be even more effective, collaboration should be inclusive β vendors, researchers, and private companies large and small.
β S3 Ep133: Apple takes βtight-lippedβ to a whole new level β
π Read
via "Naked Security".
Entertaining, educational, and all in plain English π§ππ Read
via "Naked Security".
Naked Security
S3 Ep133: Apple takes βtight-lippedβ to a whole new level
Entertaining, educational, and all in plain English π§π
βΌ CVE-2023-29995 βΌ
π Read
via "National Vulnerability Database".
In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.cπ Read
via "National Vulnerability Database".
βΌ CVE-2023-29996 βΌ
π Read
via "National Vulnerability Database".
In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2521 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formFilter of the component POST Request Handler. The manipulation of the argument url with the input <svg onload=alert(1337)> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228012. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29994 βΌ
π Read
via "National Vulnerability Database".
In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30184 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2519 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Caton CTP Relay Server 1.2.9 and classified as critical. This vulnerability affects unknown code of the file /server/api/v1/login of the component API. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. VDB-228010 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2520 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049(202303031001) and classified as critical. This issue affects some unknown processing of the file cgi-bin/tools_ping.cgi?action=Command of the component Ping Handler. The manipulation of the argument Destination leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228011. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30203 βΌ
π Read
via "National Vulnerability Database".
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php.π Read
via "National Vulnerability Database".
π΄ Google Launches Cybersecurity Career Certificate Program π΄
π Read
via "Dark Reading".
Google's new program aims to offer accessible training to fill 750K open cybersecurity jobs with diverse array of talent. π Read
via "Dark Reading".
Dark Reading
Google Launches Cybersecurity Career Certificate Program
Google's new program aims to offer accessible training to fill 750K open cybersecurity jobs with diverse array of talent.
βΌ CVE-2023-30550 βΌ
π Read
via "National Vulnerability Database".
MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2523 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2524 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/#/. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-228015. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2522 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Chengdu VEC40G 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=access_detect of the component Network Detection. The manipulation of the argument COUNT with the input 3 | netstat -an leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228013 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
π΄ Netskope: Attackers Double Down on Social Engineering Techniques and Malicious Functionalities π΄
π Read
via "Dark Reading".
Researchers find attackers are successfully evading detection by blending in with normal network traffic via HTTP and HTTPS.π Read
via "Dark Reading".
Dark Reading
Netskope: Attackers Double Down on Social Engineering Techniques and Malicious Functionalities
Researchers find attackers are successfully evading detection by blending in with normal network traffic via HTTP and HTTPS.
π΄ InsightCyber Launches Platform to Provide Cyber Threat Management and Security to Global Critical Infrastructure π΄
π Read
via "Dark Reading".
The InsightCyber Platform delivers continuous AI-monitoring of cyber-physicalassets.π Read
via "Dark Reading".
Dark Reading
InsightCyber Launches Platform to Provide Cyber Threat Management and Security to Global Critical Infrastructure
The InsightCyber Platform delivers continuous AI-monitoring of cyber-physical assets.
π΄ OneTrust Enhances Data Discovery and Governance by Introducing AI-Powered Document Classification π΄
π Read
via "Dark Reading".
Organizations can effectively classify unstructured data, automatically apply policies, and remediate violations.π Read
via "Dark Reading".
Dark Reading
OneTrust Enhances Data Discovery and Governance by Introducing AI-Powered Document Classification
Organizations can effectively classify unstructured data, automatically apply policies, and remediate violations.
π΄ Databricks Ventures Invests in Data Security Leader Immuta π΄
π Read
via "Dark Reading".
Strategic investment builds upon long-standing partnership and reinforces Databricksβ commitment to Immuta as its trusted partner for data security.π Read
via "Dark Reading".
Dark Reading
Databricks Ventures Invests in Data Security Leader Immuta
Strategic investment builds upon long-standing partnership and reinforces Databricksβ commitment to Immuta as its trusted partner for data security.
π1
π΄ Dallas City Systems Taken Down by Royal Ransomware π΄
π Read
via "Dark Reading".
Courts closed, but police, fire rescues unaffected following ransomware attack. π Read
via "Dark Reading".
Dark Reading
Dallas City Systems Taken Down by Royal Ransomware
Courts closed, but police, fire rescues unaffected following ransomware attack.
βΌ CVE-2023-25961 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Themes Darcie theme <=Γ 1.1.5 versions.π Read
via "National Vulnerability Database".