CVE-2023-2904
via "National Vulnerability Database".
The External Visitor Manager portal of HID's SAFE versions 5.8.0 through 5.11.3 is vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition.
CVE-2023-29152
via "National Vulnerability Database".
By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.
CVE-2023-31200
via "National Vulnerability Database".
PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack.
CVE-2023-33846
via "National Vulnerability Database".
IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100.
CVE-2023-23481
via "National Vulnerability Database".
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889.
Barracuda Networks says hacked devices "must be immediately replaced" despite patches
via "ITPro".
Seven-month exploitation of a critical vulnerability enabled persistent backdoor access in its email security gateway devices.
The top malware and ransomware threats for June 2023
via "ITPro".
Organizations face a fresh round of cyber threats as criminals continue to evolve their tactics.
60K+ Android Apps Have Delivered Adware Undetected for Months
via "Dark Reading".
A campaign targeting mainly US users disguised malware in fake security software, game cracks, cheats, free Netflix, and other "modded" apps.
Firefox 114 is out: No 0-days, but one fascinating "teachable moment" bug
via "Naked Security".
With the right (or wrong, if you're on the right side of the fence) timing...
Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover
via "Dark Reading".
The bug is very dangerous and impacts a big swath of the developer community, researchers warn.
CVE-2023-33660
via "National Vulnerability Database".
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c. An attacker could exploit this vulnerability to cause a denial of service attack.
CVE-2023-33657
via "National Vulnerability Database".
A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack.
Fighting AI-Powered Fraud: Let the Battle of the Machines Begin
via "Dark Reading".
As cybercriminals tap the power of machine learning and generative AI to outwit fraud-detection systems, online fraud-prevention technologies must evolve accordingly.
Sophisticated 'Impulse Project' Crypto Scam Sprawls With 1,000 Affiliate Sites
via "Dark Reading".
Ready-to-defraud turnkey services from Russia's Impulse Team are offered on the cyber underground and have built a campaign that has operated undetected dating back to 2016.
CVE-2023-34570
via "National Vulnerability Database".
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.
CVE-2023-34571
via "National Vulnerability Database".
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet.
S3 Ep138: I like to MOVEit, MOVEit
via "Naked Security".
Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available...)
The Growing Cyber Threats of Generative AI: Who's Accountable?
via "Dark Reading".
In the wrong hands, malicious actors can use chatbots to unleash sophisticated cyberattacks that could have devastating consequences.
CVE-2023-3165
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Life Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file insertNominee.php of the component POST Parameter Handler. The manipulation of the argument nominee_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231109 was assigned to this vulnerability.
Barracuda Warns All ESG Appliances Need Urgent Rip & Replace
via "Dark Reading".
Patching, wiping ESG devices not enough to deny threat actor access following compromise, Barracuda says.
CVE-2023-34958
via "National Vulnerability Database".
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.