CVE-2023-29344
Read via "National Vulnerability Database".
Microsoft Office Remote Code Execution Vulnerability
2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack
Read via "Dark Reading".
With the leak of information such as Social Security numbers, in addition to other protected information, 600,000 of the nearly 2.5 million affected are at risk for identity theft.
Microsoft Links MOVEit Attack to Cl0p as British Airways, BBC Fall
Read via "Dark Reading".
Some billion-dollar organizations have already been identified as victims of the prolific ransomware group's latest exploit, amidst ongoing attacks.
Red Sift Launches Relevance Detection as GPT-4-Powered Asset Discovery and Classification Solution
Read via "Dark Reading".
New AI feature enhances OnDOMAIN's capabilities to secure unknown vulnerabilities and strengthen network security posture.
CVE-2023-33409
Read via "National Vulnerability Database".
Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php.
CVE-2020-19028
Read via "National Vulnerability Database".
File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function.
CVE-2023-34103
Read via "National Vulnerability Database".
Avo is an open source Ruby on Rails admin panel creation framework. In affected versions some Avo fields are vulnerable to Cross Site Scripting (XSS) when rendering HTML-based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are stored and no specific timing is required. This issue has been addressed in commit `7891c01e`, which is expected to be included in the next release of Avo. Users are advised to configure CSP headers for their application and to limit untrusted user access as a mitigation.
CVE-2022-48181
Read via "National Vulnerability Database".
An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.
CVE-2023-22450
Read via "National Vulnerability Database".
In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.
CVE-2023-32628
Read via "National Vulnerability Database".
In Advantech WebAccess/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.
MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do...
Read via "Naked Security" (Sophos News).
Little Bobby Tables is back!
CVE-2022-48441
Read via "National Vulnerability Database".
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
CVE-2022-33230
Read via "National Vulnerability Database".
Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host.
CVE-2023-30863
Read via "National Vulnerability Database".
In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
CVE-2023-21670
Read via "National Vulnerability Database".
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode.
ChatGPT Hallucinations Open Developers to Supply-Chain Malware Attacks
Read via "Dark Reading".
Attackers could exploit a common AI experience (false recommendations) to spread malicious code via developers that use ChatGPT to create software.
CVE-2023-1779
Read via "National Vulnerability Database".
Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Line's mbCONNECT24, mymbCONNECT24 and Helmholz's myREX24 and myREX24.virtual in versions <=2.13.3 allows an authorized remote attacker with low privileges to view a limited amount of another account's contact information.
CVE-2023-2833
Read via "National Vulnerability Database".
The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.
US Aerospace Contractor Hacked With 'PowerDrop' Backdoor
Read via "Dark Reading".
Hackers used a little to do a lot, cracking a high-value target with hardly more than the living-off-the-land tools (PowerShell especially) found on any standard Windows computer.
Filling the Gaps: How to Secure the Future of Hybrid Work
Read via "Dark Reading".
By enhancing remote management and adopting hardware-enforced security, productivity can continue without inviting extra cyber-risk.
CVE-2023-20724
Read via "National Vulnerability Database".
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843841.