βΌ CVE-2015-10112 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is f12fccd7b5eaf66442346f748c901ef504742f78. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230652.π Read
via "National Vulnerability Database".
π’ Play ransomware gang says it's behind attack on major Spanish bank π’
π Read
via "ITPro".
The Globalcaja incident marks the latest in a string of highly disruptive attacks waged by the Play ransomware group π Read
via "ITPro".
ITPro
Play ransomware gang says it's behind attack on major Spanish bank
The Globalcaja incident marks the latest in a string of highly disruptive attacks waged by the Play ransomware group
π’ Microsoft says it knows who was behind cyber attacks on MOVEit Transfer π’
π Read
via "ITPro".
Dozens of organizations may have already lost data to hackers exploiting the critical flaw π Read
via "ITPro".
ITPro
Microsoft says it knows who was behind cyber attacks on MOVEit Transfer
Dozens of organizations may have already lost data to hackers exploiting the critical flaw
π΄ After 'Inception' Attack, New Due Diligence Requirements Are Needed π΄
π Read
via "Dark Reading".
To stem supply chain attacks, forging a new dynamic of shared cybersecurity hygiene accountability is the right thing to do.π Read
via "Dark Reading".
Dark Reading
After 'Inception' Attack, New Due Diligence Requirements Are Needed
To stem supply chain attacks, forging a new dynamic of shared cybersecurity hygiene accountability is the right thing to do.
βΌ CVE-2023-27989 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.π Read
via "National Vulnerability Database".
π΄ Mass Exploitation of Zero-Day Bug in MOVEit File Transfer Underway π΄
π Read
via "Dark Reading".
With shades of the GoAnywhere attacks, a cyber threat actor linked to FIN11 is leveraging a bug in the widely used managed file transfer product to steal data from organizations in multiple countries.π Read
via "Dark Reading".
Dark Reading
Mass Exploitation of Zero-Day Bug in MOVEit File Transfer Underway
With shades of the GoAnywhere attacks, a cyber threat actor linked to FIN11 is leveraging a bug in the widely used managed file transfer product to steal data from organizations in multiple countries.
βΌ CVE-2023-2572 βΌ
π Read
via "National Vulnerability Database".
The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as adminπ Read
via "National Vulnerability Database".
βΌ CVE-2023-2472 βΌ
π Read
via "National Vulnerability Database".
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminπ Read
via "National Vulnerability Database".
π΄ Don't Overlook Twitter's Trove of Threat Intel for Enterprise Cybersecurity π΄
π Read
via "Dark Reading".
Social media data can provide critical clues to help get ahead of the next cyberattack, experts say. π Read
via "Dark Reading".
Dark Reading
Don't Overlook Twitter's Trove of Threat Intel for Enterprise Cybersecurity
Social media data can provide critical clues to help get ahead of the next cyberattack, experts say.
β Researchers claim Windows βbackdoorβ affects hundreds of Gigabyte motherboards β
π Read
via "Naked Security".
It's a backdoor, Jim, but not as we know it... here's a sober look at this issue.π Read
via "Naked Security".
β€2
β MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to doβ¦ β
π Read
via "Naked Security".
Little Bobby Tables is back!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Moonlighter Satellite Offers In-Orbit Target for Space Hackers π΄
π Read
via "Dark Reading".
Moonlighter, which offers red teams a chance at operational disruption, will be up for pwning at in August, timed with DEF CON.π Read
via "Dark Reading".
Dark Reading
Moonlighter Satellite Offers In-Orbit Target for Space Hackers
Moonlighter, which offers red teams a chance at operational disruption, will be up for pwning at in August, timed with DEF CON.
βΌ CVE-2015-10113 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is the function admin_screen_logic of the file wooframework-tweaks.php. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is 3b57d405149c1a59d1119da6e0bb8212732c9c88. It is recommended to upgrade the affected component. The identifier VDB-230653 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33693 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29344 βΌ
π Read
via "National Vulnerability Database".
Microsoft Office Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
β€1
π΄ 2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack π΄
π Read
via "Dark Reading".
With the leak of information such as Social Security numbers, in addition to other protected information, 600,000 of the nearly 2.5 million affected are at risk for identity theft.π Read
via "Dark Reading".
Dark Reading
2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack
With the leak of information such as Social Security numbers, in addition to other protected information, 600,000 of the nearly 2.5 million affected are at risk for identity theft.
π΄ Microsoft Links MOVEit Attack to Cl0p as British Airways, BBC Fall π΄
π Read
via "Dark Reading".
Some billion-dollar organizations have already been identified as victims of the prolific ransomware group's latest exploit, amidst ongoing attacks.π Read
via "Dark Reading".
Dark Reading
Microsoft Links MOVEit Attack to Cl0p as British Airways, BBC Fall
Some billion-dollar organizations have already been identified as victims of the prolific ransomware group's latest exploit, amidst ongoing attacks.
π΄ Red Sift Launches Relevance Detection as GPT-4-Powered Asset Discovery and Classification Solution π΄
π Read
via "Dark Reading".
New AI feature enhances OnDOMAIN's capabilities to secure unknown vulnerabilities and strengthen network security posture.π Read
via "Dark Reading".
Dark Reading
Red Sift Launches Relevance Detection as GPT-4-Powered Asset Discovery and Classification Solution
New AI feature enhances OnDOMAIN's capabilities to secure unknown vulnerabilities and strengthen network security posture.
βΌ CVE-2023-33409 βΌ
π Read
via "National Vulnerability Database".
Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19028 βΌ
π Read
via "National Vulnerability Database".
*File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-34103 βΌ
π Read
via "National Vulnerability Database".
Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting (XSS) when rendering html based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are stored and no specific timing is required. This issue has been addressed in commit `7891c01e` which is expected to be included in the next release of avo. Users are advised to configure CSP headers for their application and to limit untrusted user access as a mitigation.π Read
via "National Vulnerability Database".