βΌ CVE-2023-33496 βΌ
π Read
via "National Vulnerability Database".
xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31116 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incorrect default permission can cause unintended querying of RCS capability via a crafted application.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29168 βΌ
π Read
via "National Vulnerability Database".
The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29502 βΌ
π Read
via "National Vulnerability Database".
Before importing a project into Vuforia, a user could modify the Γ’β¬ΕresourceDirectoryΓ’β¬οΏ½ attribute in the appConfig.json file to be a different path.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2904 βΌ
π Read
via "National Vulnerability Database".
The External Visitor Manager portal of HIDΓ’β¬β’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29152 βΌ
π Read
via "National Vulnerability Database".
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-31200 βΌ
π Read
via "National Vulnerability Database".
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.π Read
via "National Vulnerability Database".
β€2
βΌ CVE-2023-33846 βΌ
π Read
via "National Vulnerability Database".
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23481 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889.π Read
via "National Vulnerability Database".
π’ Barracuda Networks says hacked devices βmust be immediately replacedβ despite patches π’
π Read
via "ITPro".
Seven-month exploitation of a critical vulnerability enabled persistent backdoor access in its email security gateway devices π Read
via "ITPro".
ITPro
Barracuda Networks says hacked devices βmust be immediately replacedβ despite patches
Seven-month exploitation of a critical vulnerability enabled persistent backdoor access in its email security gateway devices
π’ The top malware and ransomware threats for June 2023 π’
π Read
via "ITPro".
Organizations face a fresh round of cyber threats as criminals continue to evolve their tactics π Read
via "ITPro".
ITPro
The top malware and ransomware threats for June 2023
Organizations face a fresh round of cyber threats as criminals continue to evolve their tactics
β€1
π΄ 60K+ Android Apps Have Delivered Adware Undetected for Months π΄
π Read
via "Dark Reading".
A campaign targeting mainly US users disguised malware in fake security software, game cracks, cheats, free Netflix, and other "modded" apps.π Read
via "Dark Reading".
Dark Reading
60K+ Android Apps Have Delivered Adware Undetected for Months
A campaign targeting mainly US users disguised malware in fake security software, game cracks, cheats, free Netflix, and other "modded" apps.
π1
β Firefox 114 is out: No 0-days, but one fascinating βteachable momentβ bug β
π Read
via "Naked Security".
With the right (or wrong, if you're on the right side of the fence) timing...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover π΄
π Read
via "Dark Reading".
The bug is very dangerous and impacts a big swath of the developer community, researchers warn.π Read
via "Dark Reading".
Dark Reading
Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover
The bug is very dangerous and impacts a big swath of the developer community, researchers warn.
βΌ CVE-2023-33660 βΌ
π Read
via "National Vulnerability Database".
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33657 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack.π Read
via "National Vulnerability Database".
π΄ Fighting AI-Powered Fraud: Let the Battle of the Machines Begin π΄
π Read
via "Dark Reading".
As cybercriminals tap the power of machine learning and generative AI to outwit fraud-detection systems, online fraud-prevention technologies must evolve accordingly.π Read
via "Dark Reading".
Dark Reading
Fighting AI-Powered Fraud: Let the Battle of the Machines Begin
As cybercriminals tap the power of machine learning and generative AI to outwit fraud-detection systems, online fraud-prevention technologies must evolve accordingly.
π΄ Sophisticated 'Impulse Project' Crypto Scam Sprawls With 1,000 Affiliate Sites π΄
π Read
via "Dark Reading".
Ready-to-defraud turnkey services from Russia's Impulse Team are offered on the cyber underground and have built a campaign that has operated undetected dating back to 2016.π Read
via "Dark Reading".
Dark Reading
Sophisticated 'Impulse Project' Crypto Scam Sprawls With 1,000 Affiliate Sites
Ready-to-defraud turnkey services from Russia's Impulse Team are offered on the cyber underground and have built a campaign that has operated undetected dating back to 2016.
βΌ CVE-2023-34570 βΌ
π Read
via "National Vulnerability Database".
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34571 βΌ
π Read
via "National Vulnerability Database".
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet.π Read
via "National Vulnerability Database".
β S3 Ep138: I like to MOVEit, MOVEit β
π Read
via "Naked Security".
Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News