βΌ CVE-2023-31208 βΌ
π Read
via "National Vulnerability Database".
Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.π Read
via "National Vulnerability Database".
β€1
π’ US identifies and places $10 million bounty on LockBit, Hive ransomware kingpin π’
π Read
via "ITPro".
Mikhail Pavlovich Matveev was linked to specific ransomware attacks, including a 2021 raid on the DC police department π Read
via "ITPro".
ITPro
US identifies and places $10 million bounty on LockBit, Hive ransomware kingpin
Mikhail Pavlovich Matveev was linked to specific ransomware attacks, including a 2021 raid on the DC police department
βΌ CVE-2023-2756 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10.π Read
via "National Vulnerability Database".
π΄ Microsoft Digital Defense Report: Nation-State Threats and Cyber Mercenaries π΄
π Read
via "Dark Reading".
In part three of this three-part series, Microsoft dissects these twinned threats and what organizations can do to reduce or eliminate their risk.π Read
via "Dark Reading".
Dark Reading
Microsoft Digital Defense Report: Nation-State Threats and Cyber Mercenaries
In part three of this three-part series, Microsoft dissects these twinned threats and what organizations can do to reduce or eliminate their risk.
π1
π΄ I Was an RSAC Innovation Sandbox Judge β Here's What I Learned π΄
π Read
via "Dark Reading".
Three pieces of advice to startups serious about winning funding and support for their nascent companies: Articulate your key message clearly, have the founder speak, and don't use a canned demo.π Read
via "Dark Reading".
Dark Reading
I Was an RSAC Innovation Sandbox Judge β Here's What I Learned
Three pieces of advice to startups serious about winning funding and support for their nascent companies: Articulate your key message clearly, have the founder speak, and don't use a canned demo.
βΌ CVE-2023-31699 βΌ
π Read
via "National Vulnerability Database".
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31702 βΌ
π Read
via "National Vulnerability Database".
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-31698 βΌ
π Read
via "National Vulnerability Database".
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31902 βΌ
π Read
via "National Vulnerability Database".
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).π Read
via "National Vulnerability Database".
βΌ CVE-2023-31703 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30438 βΌ
π Read
via "National Vulnerability Database".
An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31904 βΌ
π Read
via "National Vulnerability Database".
savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2679 βΌ
π Read
via "National Vulnerability Database".
Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31903 βΌ
π Read
via "National Vulnerability Database".
GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file.π Read
via "National Vulnerability Database".
π΄ Sunday Paper Debacle: Philadelphia Inquirer Scrambles to Respond to Cyberattack π΄
π Read
via "Dark Reading".
It's still unclear when systems for Pennsylvania's largest media outlet will be fully restored, as employees were told to stay at home through Tuesday, May 16.π Read
via "Dark Reading".
Dark Reading
Sunday Paper Debacle: Philadelphia Inquirer Scrambles to Respond to Cyberattack
It's still unclear when systems for Pennsylvania's largest media outlet will be fully restored, as employees were told to stay at home through Tuesday.
π AIDE 0.18.3 π
π Read
via "Packet Storm Security".
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.π Read
via "Packet Storm Security".
Packetstormsecurity
AIDE 0.18.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ How to Protect Your Organization From Vulnerabilities π΄
π Read
via "Dark Reading".
Cobalt's fifth edition of "The State of Penetration Testing Report" taps into data from 3,100 pen tests and more than 1,000 responses from security practitioners.π Read
via "Dark Reading".
Dark Reading
How to Protect Your Organization From Vulnerabilities
Cobalt's fifth edition of "The State of Penetration Testing Report" taps into data from 3,100 pen tests and more than 1,000 responses from security practitioners.
β Belkin Wemo Smart Plug V2 β the buffer overflow that wonβt be patched β
π Read
via "Naked Security".
Yes, it's a buffer overflow bug. No, it's not going get fixed.π Read
via "Naked Security".
Naked Security
Belkin Wemo Smart Plug V2 β the buffer overflow that wonβt be patched
Yes, itβs a buffer overflow bug. No, itβs not going get fixed.
βΌ CVE-2023-31723 βΌ
π Read
via "National Vulnerability Database".
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31700 βΌ
π Read
via "National Vulnerability Database".
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31724 βΌ
π Read
via "National Vulnerability Database".
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c.π Read
via "National Vulnerability Database".