Google Launches Cybersecurity Career Certificate Program
via "Dark Reading".
Google's new program aims to offer accessible training to fill 750K open cybersecurity jobs with diverse array of talent.
CVE-2023-30550
via "National Vulnerability Database".
MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0.
CVE-2023-2523
via "National Vulnerability Database".
A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-2524
via "National Vulnerability Database".
A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/#/. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-228015. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-2522
via "National Vulnerability Database".
A vulnerability was found in Chengdu VEC40G 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=access_detect of the component Network Detection. The manipulation of the argument COUNT with the input 3 | netstat -an leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228013 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Netskope: Attackers Double Down on Social Engineering Techniques and Malicious Functionalities
via "Dark Reading".
Researchers find attackers are successfully evading detection by blending in with normal network traffic via HTTP and HTTPS.
InsightCyber Launches Platform to Provide Cyber Threat Management and Security to Global Critical Infrastructure
via "Dark Reading".
The InsightCyber Platform delivers continuous AI-monitoring of cyber-physical assets.
OneTrust Enhances Data Discovery and Governance by Introducing AI-Powered Document Classification
via "Dark Reading".
Organizations can effectively classify unstructured data, automatically apply policies, and remediate violations.
Databricks Ventures Invests in Data Security Leader Immuta
via "Dark Reading".
Strategic investment builds upon long-standing partnership and reinforces Databricks' commitment to Immuta as its trusted partner for data security.
Dallas City Systems Taken Down by Royal Ransomware
via "Dark Reading".
Courts closed, but police, fire rescues unaffected following ransomware attack.
CVE-2023-25961
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Themes Darcie theme <= 1.1.5 versions.
CVE-2023-21486
via "National Vulnerability Database".
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
CVE-2023-21505
via "National Vulnerability Database".
Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox.
CVE-2023-21506
via "National Vulnerability Database".
Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.
CVE-2023-25977
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9seeds.Com CPT – Speakers plugin <= 1.1 versions.
CVE-2023-30216
via "National Vulnerability Database".
Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information.
CVE-2023-31413
via "National Vulnerability Database".
Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled.
CVE-2023-31284
via "National Vulnerability Database".
illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net.
CVE-2023-31415
via "National Vulnerability Database".
Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.
CVE-2023-25458
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <= 2.0.3 versions.
CVE-2023-30097
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field.