π΄ Cycode Launches CI/CD Pipeline Monitoring Solution (Cimon) to Prevent Supply Chain Attacks π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Cycode Launches CI/CD Pipeline Monitoring Solution (Cimon) to Prevent Supply Chain Attacks
SAN FRANCISCO, June 12, 2023 β Cycode, the leading application security platform, today announced the launch of Cimon, a seamless solution that enhances the security of CI/CD pipelines to prevent software supply chain attacks such as those that targeted SolarWindsβ¦
π΄ Chinese Threat Actor Abused ESXi Zero-Day to Pilfer Files From Guest VMs π΄
π Read
via "Dark Reading".
Mandiant's ongoing investigation of UNC3886 has uncovered new details of threat actors' TTPs.π Read
via "Dark Reading".
Dark Reading
Chinese Threat Actor Abused ESXi Zero-Day to Pilfer Files From Guest VMs
Mandiant's ongoing investigation of UNC3886 has uncovered new details of threat actors' TTPs.
β Gozi banking malware βIT chiefβ finally jailed after more than 10 years β
π Read
via "Naked Security".
Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the end...π Read
via "Naked Security".
Naked Security
Gozi banking malware βIT chiefβ finally jailed after more than 10 years
Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the endβ¦
β Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes β
π Read
via "Naked Security".
No zero-days this month, if you ignore the Edge RCE hole patched last weekπ Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2023-31142 βΌ
π Read
via "National Vulnerability Database".
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. A workaround, only if you are modifying the general category permissions, is to use a new category for the same purpose.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32301 βΌ
π Read
via "National Vulnerability Database".
Discourse is an open source discussion platform. Prior to version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the `stable` branch and version 3.1.0.beta5 of the `beta` and `tests-passed` branches. As a workaround, disable topic embedding if it has been enabled.π Read
via "National Vulnerability Database".
π AIDE 0.18.4 π
π Read
via "Packet Storm Security".
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.π Read
via "Packet Storm Security".
Packetstormsecurity
AIDE 0.18.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π1
βΌ CVE-2023-29357 βΌ
π Read
via "National Vulnerability Database".
Microsoft SharePoint Server Elevation of Privilege Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-29364 βΌ
π Read
via "National Vulnerability Database".
Windows Authentication Elevation of Privilege Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-29366 βΌ
π Read
via "National Vulnerability Database".
Windows Geolocation Service Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-24938 βΌ
π Read
via "National Vulnerability Database".
Windows CryptoAPI Denial of Service Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-29353 βΌ
π Read
via "National Vulnerability Database".
Sysinternals Process Monitor for Windows Denial of Service Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-32010 βΌ
π Read
via "National Vulnerability Database".
Windows Bus Filter Driver Elevation of Privilege Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-32011 βΌ
π Read
via "National Vulnerability Database".
Windows iSCSI Discovery Service Denial of Service Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-29372 βΌ
π Read
via "National Vulnerability Database".
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-32032 βΌ
π Read
via "National Vulnerability Database".
.NET and Visual Studio Elevation of Privilege Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-32017 βΌ
π Read
via "National Vulnerability Database".
Microsoft PostScript Printer Driver Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-32015 βΌ
π Read
via "National Vulnerability Database".
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-29363 βΌ
π Read
via "National Vulnerability Database".
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-29367 βΌ
π Read
via "National Vulnerability Database".
iSCSI Target WMI Provider Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-29355 βΌ
π Read
via "National Vulnerability Database".
DHCP Server Service Information Disclosure Vulnerabilityπ Read
via "National Vulnerability Database".