CVE-2023-23641
Read via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPmanage Uji Popup plugin <= 1.4.3 versions.
Is the new .zip top-level domain a cyber security risk?
Read via "ITPro" (Cloud Pro).
While some experts have branded the new domain "unnecessary", others dispute its usefulness for attacks.
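The mechanism behind the debate is simple to demonstrate: once .zip is a delegated TLD, any bare token that looks like an archive file name (and is built from characters that are legal in a DNS label) is also a syntactically valid hostname, so an aggressive autolinker in a mail client or chat tool can turn it into a link. The following is an added example, not code from the ITPro article; the sample message is constructed, and the rule "any whitespace-delimited token ending in .zip or .mov becomes a link" is an assumption standing in for whatever a particular client does.

```python
import re
from urllib.parse import urlsplit

# Constructed sample message (not from the article).
SAMPLE = (
    "Please review financial-report-2023.zip and setup_v2.zip; the signed build "
    "is at https://example.com/downloads/archive.zip as usual."
)

# One DNS label: 1-63 chars of letters, digits and hyphens, no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Both of these extensions were delegated as gTLDs in 2023.
ARCHIVE_TLDS = {"zip", "mov"}


def is_valid_hostname(name):
    """Return True if name is syntactically a multi-label DNS hostname."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels)


def classify_tokens(text):
    """Return (token, hostname, kind) for every token an autolinker could link.

    kind is 'url' for explicit URLs and 'bare-filename' for archive-looking names
    that are also valid hostnames under the new TLDs (the ambiguous case).
    """
    out = []
    for raw in text.split():
        token = raw.strip(".,;:()[]<>\"'")
        if "://" in token:
            host = urlsplit(token).hostname
            if host:
                out.append((token, host, "url"))
            continue
        ext = token.rsplit(".", 1)[-1].lower()
        # Note: setup_v2.zip is NOT flagged, because '_' is not legal in a hostname.
        if ext in ARCHIVE_TLDS and is_valid_hostname(token):
            out.append((token, token.lower(), "bare-filename"))
    return out


def bare_archive_hosts(text):
    """Just the file-name-looking tokens that now double as hostnames."""
    return [h for _, h, kind in classify_tokens(text) if kind == "bare-filename"]


if __name__ == "__main__":
    for token, host, kind in classify_tokens(SAMPLE):
        print(f"{kind:14} {token!r:45} -> {host}")
```

The practical check for a mail or chat gateway is the `bare-filename` class: a token the sender meant as a file name but which the receiving client may render as a link to a domain somebody else can register.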
Re-Victimization from Police-Auctioned Cell Phones
Read via "Krebs on Security".
Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.
4 Big Mistakes to Avoid in OT Incident Response
Read via "Dark Reading".
What works in IT may not in an operational technology/industrial control systems environment, where availability and safety of operations must be maintained.
CVE-2023-2730
Read via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
Severe RCE Bugs Open Thousands of Industrial IoT Devices to Cyberattack
Read via "Dark Reading".
Researchers found 11 vulnerabilities in products from three industrial cellular router vendors that attackers can exploit through various vectors, bypassing all security layers.
CVE-2023-31857
Read via "National Vulnerability Database".
Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save.
CVE-2023-29439
Read via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions.
CVE-2023-2738
Read via "National Vulnerability Database".
A vulnerability classified as critical has been found in Tongda OA 11.10. This affects the function actionGetdata of the file GatewayController.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-31587
Read via "National Vulnerability Database".
Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.
CVE-2023-31519
Read via "National Vulnerability Database".
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the email parameter at login_core.php.
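A login form whose email parameter is concatenated into the query is the textbook shape of this bug class. The block below is an added illustration written for this page; it is not the Pharmacy Management System's code and makes no claim about how login_core.php is written. It uses an in-memory SQLite database, a constructed user row, and a SHA-256 stand-in for a real password hash, and shows both the injectable query and the parameterized replacement.

```python
import hashlib
import hmac
import sqlite3


def hash_pw(pw):
    # Stand-in only: a real application should use argon2/bcrypt/scrypt.
    return hashlib.sha256(pw.encode()).hexdigest()


def make_db():
    """Constructed sample database with a single admin account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users(id INTEGER PRIMARY KEY, email TEXT UNIQUE, pw_hash TEXT)")
    db.execute("INSERT INTO users(email, pw_hash) VALUES (?, ?)",
               ("admin@example.test", hash_pw("correct horse")))
    return db


def login_vulnerable(db, email, password):
    """String-built query: the email value is part of the SQL text.

    email = "admin@example.test' --" closes the string and comments out the
    password predicate, so any password is accepted.
    """
    query = (f"SELECT id FROM users WHERE email = '{email}' "
             f"AND pw_hash = '{hash_pw(password)}'")
    row = db.execute(query).fetchone()
    return row[0] if row else None


def login_safe(db, email, password):
    """Parameterized lookup, then a constant-time hash comparison in code."""
    row = db.execute("SELECT id, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], hash_pw(password)):
        return None
    return row[0]


if __name__ == "__main__":
    db = make_db()
    payload = "admin@example.test' --"
    print("vulnerable:", login_vulnerable(db, payload, "wrong password"))  # user id 1
    print("safe:      ", login_safe(db, payload, "wrong password"))        # None
    print("safe/real: ", login_safe(db, "admin@example.test", "correct horse"))
```

The `' OR 1=1 --` variant works against the vulnerable function too; it returns whichever row the database yields first, which in many applications is the administrator created at install time.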
CVE-2023-31856
Read via "National Vulnerability Database".
A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHost of TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted HTTP packet.
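The failure mode in an entry like this is a request value spliced into a command line that a shell then parses. The block below is an added illustration, not TOTOLINK firmware code (which would be C calling system() or popen()): Python stands in for the firmware's handler, `echo` stands in for the real time-setting utility so the demo is harmless, and the timestamp format enforced by the hardened version is an assumption.

```python
import re
import subprocess

# Assumed wire format for the parameter: ISO-8601 UTC timestamp, nothing else.
TIME_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$")


def build_shell_command(host_time):
    # Vulnerable pattern: request data becomes part of the command text.
    return f"echo syncing {host_time}"


def run_vulnerable(host_time):
    """shell=True hands the string to /bin/sh, which honours ';', '|', '$()'."""
    out = subprocess.run(build_shell_command(host_time), shell=True,
                         capture_output=True, text=True, check=False)
    return out.stdout.splitlines()


def is_valid_host_time(host_time):
    return bool(TIME_RE.match(host_time))


def run_hardened(host_time):
    """Allowlist the value, then pass it as one argv element with no shell."""
    if not is_valid_host_time(host_time):
        raise ValueError("hostTime is not an ISO-8601 UTC timestamp")
    out = subprocess.run(["echo", "syncing", host_time],
                         capture_output=True, text=True, check=False)
    return out.stdout.splitlines()


if __name__ == "__main__":
    payload = "x; echo INJECTED"
    print("vulnerable:", run_vulnerable(payload))          # second command ran
    print("hardened:  ", run_hardened("2023-05-22T10:00:00Z"))
    try:
        run_hardened(payload)
    except ValueError as e:
        print("hardened rejected payload:", e)
```

Two layers are used on purpose: the argv list removes the shell entirely, and the allowlist keeps the value from reaching the real utility with option-like or multi-line content even when that utility is later invoked differently.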
CVE-2023-31576
Read via "National Vulnerability Database".
An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or JavaScript file.
CVE-2023-31572
Read via "National Vulnerability Database".
An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request.
Name That Toon: One by One
Read via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
Circle Security Technology Partnership With ForgeRock to Accelerate the Prevention-First Era in Digital Security
Read via "Dark Reading".
Joint integration delivers effective DSPM enforcement for self-managed customers starting with credential-free access, risk-based continuous authentication, and protection from data exposure.
Belkin Wemo Smart Plug V2: the buffer overflow that won't be patched
Read via "Naked Security".
Yes, it's a buffer overflow bug. No, it's not going to get fixed.
Qilin Ransomware Operation Outfits Affiliates With Sleek, Turnkey Cyberattacks
Read via "Dark Reading".
Researchers infiltrate a ransomware operation and discover slick services behind Qilin's Rust-based malware variant.
CVE-2023-33001
Read via "National Vulnerability Database".
Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.
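The advisory text does not say why push-mode logging defeats the masking, so the block below does not claim to reproduce the plugin's bug. It is an added example of the general hazard with masking a streamed log: chunks arrive at arbitrary boundaries, so a secret that straddles two chunks is never seen whole by a per-chunk replace. The sample secret and chunks are constructed; the "hold back longest-secret-minus-one characters" strategy is one correct fix, not the plugin's.

```python
class SecretMasker:
    """Mask known secret values in a log delivered as arbitrary-size chunks.

    Each secret is replaced by asterisks of the same length. A tail of
    (longest secret - 1) characters is held back after every chunk, because
    that is the longest prefix of a secret that can be left dangling at a
    chunk boundary; it is re-examined when the next chunk arrives.
    """

    def __init__(self, secrets):
        self.secrets = sorted((s for s in secrets if s), key=len, reverse=True)
        self.holdback = max((len(s) for s in self.secrets), default=1) - 1
        self.pending = ""

    def _mask(self, text):
        for s in self.secrets:
            text = text.replace(s, "*" * len(s))
        return text

    def feed(self, chunk):
        """Return the part of the stream that is safe to emit now."""
        masked = self._mask(self.pending + chunk)
        cut = max(0, len(masked) - self.holdback)
        self.pending = masked[cut:]   # already-masked tail; asterisks never re-match
        return masked[:cut]

    def flush(self):
        out, self.pending = self.pending, ""
        return out


def mask_naive(chunks, secrets):
    """Per-chunk replace, as a streaming log sink might naively do it."""
    out = []
    for chunk in chunks:
        for s in secrets:
            chunk = chunk.replace(s, "*" * len(s))
        out.append(chunk)
    return "".join(out)


def mask_stream(chunks, secrets):
    m = SecretMasker(secrets)
    return "".join(m.feed(c) for c in chunks) + m.flush()


if __name__ == "__main__":
    # Constructed: a Vault-style token split across two log chunks.
    SECRET = "hvs.abc123xyz"
    CHUNKS = ["token=hvs.abc", "123xyz done\n"]
    print("naive:    ", repr(mask_naive(CHUNKS, [SECRET])))   # token leaks
    print("streaming:", repr(mask_stream(CHUNKS, [SECRET])))  # token masked
```

The same holdback logic applies whether the chunking comes from a network push, a pipe buffer, or a line-oriented writer that flushes mid-line; the per-chunk version is only safe when the writer guarantees it never splits a secret, which a log transport generally does not.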
CVE-2023-32979
Read via "National Vulnerability Database".
Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.
CVE-2023-33004
Read via "National Vulnerability Database".
A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics.