βΌ CVE-2023-0668 βΌ
π Read
via "National Vulnerability Database".
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36696 βΌ
π Read
via "National Vulnerability Database".
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36700 βΌ
π Read
via "National Vulnerability Database".
The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress options, delete arbitrary files/folders, and inject arbitrary content.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-30576 βΌ
π Read
via "National Vulnerability Database".
Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2186 βΌ
π Read
via "National Vulnerability Database".
On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string vulnerability to repeatedly crash the GTWWebMonitor.exe process to DoS the Web Monitor. Furthermore, an authenticated user can leverage this vulnerability to leak memory from the GTWWebMonitor.exe process. This could be leveraged in an exploit chain to gain code execution.π Read
via "National Vulnerability Database".
π’ MOVEit cyber attack: Cl0p sparks speculation that itβs lost control of hack π’
π Read
via "ITPro".
The hackers return with their second major data-extortion attack of 2023, but may have bitten off more than they can chew π Read
via "ITPro".
ITPro
MOVEit cyber attack: Cl0p sparks speculation that itβs lost control of hack
The hackers return with their second major data-extortion attack of 2023, but may have bitten off more than they can chew
π’ Security consolidation is about improving results, not just cost savings π’
π Read
via "ITPro".
Channel partners can play a key role in enabling businesses to consolidate security operations and bolster resilience π Read
via "ITPro".
channelpro
Security consolidation is about improving results, not just cost savings
Channel partners can play a key role in enabling businesses to consolidate security operations and bolster resilience
βΌ CVE-2023-3140 βΌ
π Read
via "National Vulnerability Database".
Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server.π Read
via "National Vulnerability Database".
β€1
π΄ Cisco Touts New AI-Based Security, SSE Features π΄
π Read
via "Dark Reading".
Cisco laid out its AI plans and a vision for unified cloud security during Cisco Live 2023.π Read
via "Dark Reading".
Dark Reading
Cisco Touts New AI-Based Security, SSE Features
Cisco laid out its plans for artificial intelligence (AI) and a vision for unified cloud security during Cisco Live 2023.
π1
β Chrome zero-day: βThis exploit is in the wildβ, so check your version now β
π Read
via "Naked Security".
Chrome 0-day patched now, Edge patch coming soon.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ The Case for a Federal Cyber-Insurance Backstop π΄
π Read
via "Dark Reading".
By stepping in to provide aid, the federal government could help protect companies, insurers, and the economy from the impact of a widespread, catastrophic cyberattack. π Read
via "Dark Reading".
Dark Reading
The Case for a Federal Cyber-Insurance Backstop
By stepping in to provide aid, the federal government could help protect companies, insurers, and the economy from the impact of a widespread, catastrophic cyberattack.
βΌ CVE-2021-4380 βΌ
π Read
via "National Vulnerability Database".
The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors.π Read
via "National Vulnerability Database".
π΄ FBI: Sextortionist Campaigns Use Deepfakes to Target Children, Adults π΄
π Read
via "Dark Reading".
Threat actors are lifting public images and videos from the Internet, altering them, and posting them online in a new wave of sextortion campaigns.π Read
via "Dark Reading".
Dark Reading
FBI: Sextortionist Campaigns Use Deepfakes to Target Children, Adults
Threat actors are lifting public images and videos from the Internet, altering them, and posting them online in a new wave of sextortion campaigns.
βΌ CVE-2023-3145 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Online Discussion Forum Site 1.0. Affected by this issue is some unknown functionality of the file classes\Users.php?f=registration. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231014 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33498 βΌ
π Read
via "National Vulnerability Database".
alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file.π Read
via "National Vulnerability Database".
π Falco 0.35.0 π
π Read
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.π Read
via "Packet Storm Security".
Packetstormsecurity
Falco 0.35.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Cyber Essentialism & 'Doing Less With Less' π΄
π Read
via "Dark Reading".
Cybersecurity benefits from a focus on the vital few chores rather than the trivial many. Find the "right things" to encourage strategic thinking, then move the culture needle to promote that policy.π Read
via "Dark Reading".
Dark Reading
Cyber Essentialism & 'Doing Less With Less'
Cybersecurity benefits from a focus on the vital few chores rather than the trivial many. Find the "right things" to encourage strategic thinking, then move the culture needle to promote that policy.
β Firefox 114 is out: No 0-days, but one fascinating βteachable momentβ bug β
π Read
via "Naked Security".
With the right (or wrong, if you're on the right side of the fence) timing...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2023-1825 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-3146 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\categories\manage_category.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231015.π Read
via "National Vulnerability Database".
π΄ Microsoft Fined $20M For Xbox Child Data Collection π΄
π Read
via "Dark Reading".
The FTC has demanded additional data privacy protections for kids using Xbox gaming systems, extending COPPA protections.π Read
via "Dark Reading".
Dark Reading
Microsoft Fined $20M For Xbox Child Data Collection
The FTC has demanded additional data privacy protections for kids using Xbox gaming systems, extending COPPA protections.