Microsoft Fixes Failed Patch for Exploited Outlook Vulnerability (via Dark Reading)
Adding a single character to a function in the previous Outlook patch rendered that fix useless, researchers say.

CVE-2023-32070 (via National Vulnerability Database)
XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. There are no known workarounds apart from upgrading to a fixed version.

CVE-2022-36937 (via National Vulnerability Database)
HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS 1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, and 4.173.0 replace TLS 1.0 with TLS 1.3. Applications that call the stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected.

CVE-2023-32076 (via National Vulnerability Database)
in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the files read is `.in_totorc`, which is a hidden file in the directory in which in-toto is run. If an attacker controls the inputs to a supply chain step, they can mask their activities by also passing in an `.in_totorc` file that includes the necessary exclude patterns and settings. RC files are widely used in other systems, and security issues have been discovered in their implementations as well. Maintainers found in their conversations with in-toto adopters that `in_totorc` is not their preferred way to configure in-toto. As none of the options supported in `in_totorc` is unique, and all can be set elsewhere using API parameters or CLI arguments, the maintainers decided to drop support for `in_totorc`. in-toto's `user_settings` module has been dropped altogether in commit 3a21d84f40811b7d191fa7bd17265c1f99599afd. Users may also sandbox functionary code as a security measure.

Infamous Twitter Hacker Cops to Cybercrimes, Extradited to US for Trial (via Dark Reading)
Confessed cybercriminal hijacked Twitter, TikTok, and Snapchat accounts; defrauded victims; and more.

Global Research From Delinea Reveals That 61% of IT Security Decision Makers Think Leadership Overlooks the Role of Cybersecurity in Business Success (via Dark Reading)
Disconnect between security and business goals had negative consequences for 89% of respondents and increased the success of cyberattacks at one in four companies.

Secureframe Finds 37% of Organizations Reuse Passwords for Cloud Service Providers (via Dark Reading)
Secureframe launches Secureframe Trust to empower businesses to showcase a strong security posture.

Experian Announces US Fintech Data Network to Combat Fraud (via Dark Reading)
Experian's Hunter comes to the United States with nine top fintechs committed to participating.

CVE-2022-29842 (via National Vulnerability Database)
An Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user via a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devices. This issue affects My Cloud OS 5: through 5.26.119.

CVE-2023-31150 (via National Vulnerability Database)
A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details.

CVE-2023-31148 (via National Vulnerability Database)
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details.

CVE-2023-31160 (via National Vulnerability Database)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.

CVE-2023-31155 (via National Vulnerability Database)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.

CVE-2023-2310 (via National Vulnerability Database)
A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) attack that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction manual, date code 20210915, for more details.

CVE-2023-31152 (via National Vulnerability Database)
An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows authentication bypass. See SEL Service Bulletin dated 2022-11-15 for more details.

CVE-2023-31164 (via National Vulnerability Database)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.

CVE-2023-31149 (via National Vulnerability Database)
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details.

CVE-2023-31162 (via National Vulnerability Database)
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file. See SEL Service Bulletin dated 2022-11-15 for more details.

CVE-2023-31161 (via National Vulnerability Database)
An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects. See SEL Service Bulletin dated 2022-11-15 for more details.

CVE-2023-31154 (via National Vulnerability Database)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.

CVE-2023-31156 (via National Vulnerability Database)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.