CVE-2023-29167
Read via "National Vulnerability Database".
An out-of-bounds read vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.
Capita handed £50m London police contract weeks after losing pension data
Read via "ITPro".
The outsourcer will provide digital fraud reporting services after its cyber incident disclosure drew criticism.
CVE-2023-3050
Read via "National Vulnerability Database".
Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass. This issue affects Lockcell: before 15.
CVE-2023-3049
Read via "National Vulnerability Database".
Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection. This issue affects Lockcell: before 15.
Why Critical Infrastructure Remains a Ransomware Target
Read via "Dark Reading".
While protecting critical infrastructure seems daunting, here are some critical steps the industry can take now to become more cyber resilient and mitigate risks.
CVE-2023-33568
Read via "National Vulnerability Database".
An issue in Dolibarr v16.0.0 to v16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
CVE-2023-35064
Read via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering. This issue affects Satos Mobile: before 20230607.
History revisited: US DOJ unseals Mt. Gox cybercrime charges
Read via "Naked Security".
Though the mills of the Law grind slowly / Yet they grind exceeding small / Though with patience they stand waiting / With exactness grind they all...
Gozi banking malware "IT chief" finally jailed after more than 10 years
Read via "Naked Security".
Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the end...
How Security Leaders Should Approach Cybersecurity Startups
Read via "Dark Reading".
Vendors and buyers both have the power to make the industry a better place. What's needed is more collaboration, mutual support, and respect.
CVE-2022-31635
Read via "National Vulnerability Database".
Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.
CVE-2023-33620
Read via "National Vulnerability Database".
GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack.
CVE-2023-27836
Read via "National Vulnerability Database".
TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C.
CVE-2023-34122
Read via "National Vulnerability Database".
Improper input validation in the installer for Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.
CVE-2023-3214
Read via "National Vulnerability Database".
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Microsoft Patch Tuesday, June 2023 Edition
Read via "Krebs on Security".
Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month's relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn't marred by the active exploitation of a zero-day vulnerability in Microsoft's products.
Harness the Power of PKI to Battle Data Breaches
Read via "Dark Reading".
The average cost of a data breach is $4.35 million. Understand the power of public key infrastructure (PKI) and its role in encrypting data and battling breaches.
Hydra Network Logon Cracker 9.5
Read via "Packet Storm Security".
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
Popular Apparel, Clothing Brands Being Used in Massive Phishing Scam
Read via "Dark Reading".
Threat actors have created over 3,000 domains, some as old as two years, to lure in customers to false, name brand websites for personal financial gain.
CVE-2023-34537
Read via "National Vulnerability Database".
A reflected XSS was discovered in HotelDruid version 3.0.5; an attacker can inject malicious code/commands into an affected web page's parameter to trick the user's browser and/or exfiltrate data.
CVE-2023-2637
Read via "National Vulnerability Database".
Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. A hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manager database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited.