S3 Ep134: It's a PRIVATE key - the hint is in the name!
Latest episode - listen now!
via "Naked Security".
Bootkit zero-day fix - is this Microsoft's most cautious patch ever?
When blocking buggy bootup modules, you have to be really careful not to lock your keys inside the car...
via "Naked Security".
‼ CVE-2023-2661 ‼
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228803.
via "National Vulnerability Database".
‼ CVE-2023-2659 ‼
A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file view_product.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228801 was assigned to this vulnerability.
via "National Vulnerability Database".
‼ CVE-2023-2660 ‼
A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_categories.php. The manipulation of the argument c leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228802 is the identifier assigned to this vulnerability.
via "National Vulnerability Database".
‼ CVE-2023-2657 ‼
A vulnerability classified as problematic was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument search leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228799.
via "National Vulnerability Database".
‼ CVE-2023-2658 ‼
A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file products.php. The manipulation of the argument c leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228800.
via "National Vulnerability Database".
‼ CVE-2023-22720 ‼
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin <= 4.9.3 versions.
via "National Vulnerability Database".
‼ CVE-2022-47129 ‼
PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability.
via "National Vulnerability Database".
🔴 Startup Competition Secures ML Systems, Vulnerabilities in Automation 🔴
RSA's Innovation Sandbox 2023 focused on the software supply chain, as well as attack surfaces exposed by generative AI, ML systems, and APIs.
via "Dark Reading".
🔴 Integrating Cyber Resiliency With FPGAs 🔴
Field programmable gate arrays are particularly useful for organizations embracing new edge computing devices and applications.
via "Dark Reading".
‼ CVE-2023-29400 ‼
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
via "National Vulnerability Database".
‼ CVE-2023-24539 ‼
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.
via "National Vulnerability Database".
‼ CVE-2023-32075 ‼
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. Users should update to version 3.3.9 to receive a patch or, as a workaround, apply the patch manually.
via "National Vulnerability Database".
‼ CVE-2023-24540 ‼
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
via "National Vulnerability Database".
🔴 North Korean Hackers Behind Hospital Data Breach in Seoul 🔴
Data on more than 830K people exposed in the 2021 cyberattack.
via "Dark Reading".
🔴 Billy Corgan Paid Off Hacker Who Threatened to Leak New Smashing Pumpkins Songs 🔴
Corgan got FBI involved to track down the cybercriminal, who had stolen from other artists as well, he said.
via "Dark Reading".
‼ CVE-2023-30394 ‼
MoveIT v1.1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the API authentication function.
via "National Vulnerability Database".
‼ CVE-2023-29023 ‼
A cross-site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.
via "National Vulnerability Database".
‼ CVE-2023-29031 ‼
A cross-site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability.
via "National Vulnerability Database".
‼ CVE-2023-29029 ‼
A cross-site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page.
via "National Vulnerability Database".