βΌ CVE-2023-33627 βΌ
π Read
via "National Vulnerability Database".
H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33732 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval.π Read
via "National Vulnerability Database".
β€2
βΌ CVE-2023-23954 βΌ
π Read
via "National Vulnerability Database".
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29159 βΌ
π Read
via "National Vulnerability Database".
Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.π Read
via "National Vulnerability Database".
βΌ CVE-2010-10010 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in Stars Alliance PsychoStats up to 3.2.2a. This affects an unknown part of the file upload/admin/login.php. The manipulation of the argument ref leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.2.2b is able to address this issue. The name of the patch is 5d3b7311fd5085ec6ea1b1bfa9a05285964e07e4. It is recommended to upgrade the affected component. The identifier VDB-230265 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4332 βΌ
π Read
via "National Vulnerability Database".
In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x aΓ vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device.π Read
via "National Vulnerability Database".
π’ Barracuda network appliance vulnerability βactively exploitedβ for seven months π’
π Read
via "ITPro".
The company has issued a patch, but warned customers that the vulnerability left them exposed for over half a year π Read
via "ITPro".
ITPro
Barracuda network appliance vulnerability βactively exploitedβ for seven months
The company has issued a patch, but warned customers that the vulnerability left them exposed for over half a year
π’ Amazon's Ring agrees to $5.8m settlement over alleged use of its cameras to spy on female customers π’
π Read
via "ITPro".
The firm will also pay $25m for allegations Alexa stored child voice recordings indefinitely π Read
via "ITPro".
ITPro
Amazon's Ring agrees to $5.8m settlement over alleged use of its cameras to spy on female customers
The firm will also pay $25m for allegations Alexa stored child voice recordings indefinitely
π΄ Meet Charlotte, CrowdStrike's New Generative AI Assistant π΄
π Read
via "Dark Reading".
Charlotte AI is the latest security-based generative AI assistant to hit the market.π Read
via "Dark Reading".
Dark Reading
Meet Charlotte, CrowdStrike's New Generative AI Assistant
Charlotte AI is the latest security-based generative AI assistant to hit the market.
π΄ Top macOS Malware Threats Proliferate: Here Are 6 to Watch π΄
π Read
via "Dark Reading".
Apple's growing market share β in a shrinking PC market β and the growing use of Golang for malware development is pushing a gradual increase in malicious tools targeting macOS environments.π Read
via "Dark Reading".
Dark Reading
Top macOS Malware Threats: Here Are 6 to Watch
Apple's growing market share β in a shrinking PC market β and the growing use of Golang for malware development is pushing a gradual increase in malicious tools targeting macOS environments.
π΄ Dark Reading Launches Inaugural CISO Advisory Board π΄
π Read
via "Dark Reading".
Ten chief information security officers from a variety of verticals will provide valuable insights to Dark Reading on what they see as the industry's most pressing issues. π Read
via "Dark Reading".
Dark Reading
Dark Reading Launches Inaugural CISO Advisory Board
Ten chief information security officers from a variety of verticals will provide valuable insights to Dark Reading on what they see as the industry's most pressing issues.
π1
π΄ SolarWinds Transforms Brand to Signify Ongoing Evolution, Portfolio Expansion, and Customer Empowerment π΄
π Read
via "Dark Reading".
Refreshed version of iconic SolarWinds logo and vibrant new brand color palette honor companyβs historic success while highlighting future vision.π Read
via "Dark Reading".
Dark Reading
SolarWinds Transforms Brand to Signify Ongoing Evolution, Portfolio Expansion, and Customer Empowerment
Refreshed version of iconic SolarWinds logo and vibrant new brand color palette honor companyβs historic success while highlighting future vision.
βΌ CVE-2023-22652 βΌ
π Read
via "National Vulnerability Database".
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files.This issue affects libeconf: before 0.5.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33546 βΌ
π Read
via "National Vulnerability Database".
janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33544 βΌ
π Read
via "National Vulnerability Database".
hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43760 βΌ
π Read
via "National Vulnerability Database".
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an administrator opens the affected web page.This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.π Read
via "National Vulnerability Database".
π AIEngine 2.4.0 π
π Read
via "Packet Storm Security".
AIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua and Go network intrusion detection system engine. AIEngine also helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.π Read
via "Packet Storm Security".
Packetstormsecurity
AIEngine 2.4.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Serious Security: That KeePass βmaster password crackβ, and what we can learn from it β
π Read
via "Naked Security".
Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β€1
π΄ Biometric Bypass: BrutePrint Makes Short Work of Fingerprint Security π΄
π Read
via "Dark Reading".
Bugs in the biometric protections on Android phones and iPhones allow the limit on the number of tries to unlock the devices with a fingerprint can be bypassed, allowing automated brute-force attacks.π Read
via "Dark Reading".
Dark Reading
Biometric Bypass: BrutePrint Makes Short Work of Fingerprint Security
Bugs in the biometric protections on Android phones and iPhones allow the limit on the number of tries to unlock the devices with a fingerprint can be bypassed, allowing automated brute-force attacks.
βΌ CVE-2023-33965 βΌ
π Read
via "National Vulnerability Database".
Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A patch is available in version 20230606.π Read
via "National Vulnerability Database".
βοΈ Ask Fitis, the Bear: Real Crooks Sign Their Malware βοΈ
π Read
via "Krebs on Security".
Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software. This post is a deep dive on "Megatraffer," a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015.π Read
via "Krebs on Security".
Krebs on Security
Ask Fitis, the Bear: Real Crooks Sign Their Malware
Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten codeβ¦