CVE-2023-35036
via "National Vulnerability Database".
In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.
CVE-2023-35031
via "National Vulnerability Database".
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-24036.
Fighting the "always on" culture that's savaging mental health in cyber security
via "ITPro".
With personnel already stretched due to skills shortages, workplace pressure is causing a mental health nightmare.
CVE-2015-10118
via "National Vulnerability Database".
A vulnerability classified as problematic was found in cchetanonline WP-CopyProtect up to 3.0.0. This vulnerability affects the function CopyProtect_options_page of the file wp-copyprotect.php. The manipulation of the argument CopyProtect_nrc_text leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.1.0 is able to address this issue. The patch is identified as 8b8fe4102886b326330dc1ff06b17313fb10aee5. It is recommended to upgrade the affected component. VDB-231202 is the identifier assigned to this vulnerability.
Log4J exploits may rise further as Microsoft continues war on phishing
via "ITPro".
Despite Log4J patches being made almost immediately in 2021, exploit attempts are still in the tens of millions.
Doing Less With Less: Focusing on Value
via "Dark Reading".
Always reach for defense in depth with proposed security changes. Measure and test results, focus on items of greatest impact, and get C-suite members involved to drive better outcomes.
CVE-2023-33492
via "National Vulnerability Database".
EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-33253
via "National Vulnerability Database".
LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.
CVE-2023-34581
via "National Vulnerability Database".
Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2
CVE-2023-32961
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.3 versions.
Supply Chain Attack Defense Demands Mature Threat Hunting
via "Dark Reading".
Active threat hunting is the best protection against supply chain attacks like MOVEit and 3CX, experts say.
'Stealth Soldier' Attacks Target Libyan Government Entities With Surveillance Malware
via "Dark Reading".
Surveillance malware targets Libyan government entities, with possible links to a 2019 Egypt attack campaign.
History revisited: US DOJ unseals Mt. Gox cybercrime charges
via "Naked Security".
Though the mills of the Law grind slowly / Yet they grind exceeding small / Though with patience they stand waiting / With exactness grind they all...
CVE-2023-34345
via "National Vulnerability Database".
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure.
CVE-2023-28933
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPeteDesign Call Now Accessibility Button plugin <= 1.1 versions.
10 Important Security Tasks You Shouldn't Skip
via "Dark Reading".
Time and money are valuable and finite, but some actions are well worth spending those resources on.
CVE-2023-2568
via "National Vulnerability Database".
The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2023-34334
via "National Vulnerability Database".
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.
Use of Multifactor Authentication (MFA) Nearly Doubles Since 2020, Okta Secure Sign-in Trends Report Finds
via "Dark Reading".
Okta platform data-based study finds FastPass and WebAuthn offer far stronger security and faster, more reliable user experiences.
CVE-2023-3161
via "National Vulnerability Database".
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
CVE-2023-33624
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-31472. Reason: This record is a reservation duplicate of CVE-2023-31472. Notes: All CVE users should reference CVE-2023-31472 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.