Whodunnit? Cybercrook gets 6 years for ransoming his own employer
via "Naked Security".
Not just an active adversary, but a two-faced one, too.

CVE-2023-31983
via "National Vulnerability Database".
A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations.

CVE-2023-25428
via "National Vulnerability Database".
A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution.

CVE-2023-25958
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Justin Saad Simple Tooltips plugin <= 2.1.4 versions.

CVE-2023-23810
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SnapOrbital Panorama plugin <= 1.5 versions.

CVE-2023-22685
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.2 versions.

CVE-2023-28414
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ApexChat plugin <= 1.3.1 versions.

CVE-2023-25460
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodeSolz Easy Ad Manager plugin <= 1.0.0 versions.

CVE-2022-48020
via "National Vulnerability Database".
Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the conference parameter. This vulnerability allows attackers to inject arbitrary code which will be executed by the victim user's browser.

Malicious Chatbots Target Casinos in Southeast Asia
via "Dark Reading".
Dubbed "ChattyGoblin," the China-backed actors use chatbots to scam Southeast Asian gambling companies.

New Competition Focuses on Hardening Cryptosystems
via "Dark Reading".
The Technology Innovation Institute's year-long cryptographic challenge invites participants to assess the concrete hardness of the McEliece public-key encryption scheme.

Making Sure Lost Data Stays Lost
via "Dark Reading".
Retired hardware and forgotten cloud virtual machines are a trove of insecure confidential data. Here's how to ameliorate that weakness.

An Analyst View of XM Cyber's Acquisition of Confluera
via "Dark Reading".
The deal will enhance the capabilities of both companies and provide customers with a more comprehensive way to protect their digital assets.

CVE-2023-2457
via "National Vulnerability Database".
Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High)

CVE-2023-32306
via "National Vulnerability Database".
Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the `reports.php` page was not validating all parameters in POST requests. Because some parameters were not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue is fixed in version 1.22.13.5792. As a workaround, use the fixed code in `ttReportHelper.class.php` from version 1.22.13.5792.

CVE-2023-32305
via "National Vulnerability Database".
aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9.

CVE-2023-30247
via "National Vulnerability Database".
File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter.

CVE-2023-25927
via "National Vulnerability Database".
IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635.

CVE-2023-27863
via "National Vulnerability Database".
IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325.

CVE-2023-2458
via "National Vulnerability Database".
Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)

WordPress Plugin Used in 1M+ Websites Patched to Close Critical Bug
via "Dark Reading".
The privilege escalation flaw is one in thousands that researchers have disclosed in recent years.