βΌ CVE-2023-33983 βΌ
π Read
via "National Vulnerability Database".
The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2873 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2871 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. It has been rated as problematic. Affected by this issue is the function 0x220448/0x220420/0x22040c/0x220408 of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-229850 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33981 βΌ
π Read
via "National Vulnerability Database".
Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33982 βΌ
π Read
via "National Vulnerability Database".
Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33980 βΌ
π Read
via "National Vulnerability Database".
Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2875 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2870 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has been declared as problematic. Affected by this vulnerability is the function 0x80002014 of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier VDB-229849 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
π4
βΌ CVE-2023-25029 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin <=Γ 2.0.7 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32964 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <=Γ 1.9.2 versions.π Read
via "National Vulnerability Database".
β€1π1
βοΈ Phishing Domains Tanked After Meta Sued Freenom βοΈ
π Read
via "Krebs on Security".
The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains.π Read
via "Krebs on Security".
Krebs on Security
Phishing Domains Tanked After Meta Sued Freenom
The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta, which alleged the free domain name provider has a long history of ignoring abuse complaintsβ¦
π1
β S3 Ep136: Navigating a manic malware maelstrom β
π Read
via "Naked Security".
Latest episode - listen now. Full transcript inside...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives π΄
π Read
via "Dark Reading".
Phishing campaigns targeting travelers have evolved from simple, easy-to-spot fraud attempts to highly sophisticated operations.π Read
via "Dark Reading".
Dark Reading
Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives
Phishing campaigns targeting travelers have evolved from simple, easy-to-spot fraud attempts to highly sophisticated operations.
βΌ CVE-2023-33440 βΌ
π Read
via "National Vulnerability Database".
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46882 βΌ
π Read
via "National Vulnerability Database".
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-33720 βΌ
π Read
via "National Vulnerability Database".
mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty.π Read
via "National Vulnerability Database".
π΄ Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints π΄
π Read
via "Dark Reading".
Informants have released data that includes thousands of safety complaints the company has received about its self-driving capability, as well as sensitive information regarding current and past employees.π Read
via "Dark Reading".
Dark Reading
Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints
Informants have released data that includes thousands of safety complaints the company has received about its self-driving capability, as well as sensitive information regarding current and past employees.
π΄ 130K+ Patients' Social Security Numbers Leaked in UHS of Delaware Data Breach π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
130K+ Patients' Social Security Numbers Leaked in UHS of Delaware Data Breach
MARLTON, N.J., May 25, 2023 /PRNewswire/ -- Approximately 130,000 patients in Texas β and an untold number of others nationwide β are being notified that their protected health information was compromised when hackers breached the computer system of Universalβ¦
βΌ CVE-2023-20868 βΌ
π Read
via "National Vulnerability Database".
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32318 βΌ
π Read
via "National Vulnerability Database".
Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1.π Read
via "National Vulnerability Database".
π΄ 2 Lenses for Examining the Safety of Open Source Software π΄
π Read
via "Dark Reading".
Improving the security of open source repositories and keeping malicious components out requires a combination of technology and people.π Read
via "Dark Reading".
β€1