CVE-2023-34865
Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature.
via "National Vulnerability Database".
CVE-2023-24936
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
via "National Vulnerability Database".
CVE-2023-35110
An issue was discovered in jjson through 0.1.7 that allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies.
via "National Vulnerability Database".
Why Your SEG Could Be Your Email Security Achilles' Heel
As business email compromise attacks continue to grow and become increasingly sophisticated, is your secure email gateway providing sufficient protection?
via "Dark Reading".
Moving the Cyber Industry Forward Requires a Novel Approach
CISOs need to be better equipped with strategic metrics and proof points to better align their organization for defense against the ever-changing threat landscape.
via "Dark Reading".
CVE-2023-0010
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user's browser when they click on a specifically crafted link.
via "National Vulnerability Database".
CVE-2023-34868
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c.
via "National Vulnerability Database".
CVE-2023-2976
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
via "National Vulnerability Database".
CVE-2023-31671
PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via PostfinanceValidationModuleFrontController::postProcess().
via "National Vulnerability Database".
XSS Vulnerabilities Found in Microsoft Azure Cloud Services
Microsoft quickly issued patches for the two security issues, which could allow unauthorized access to cloud sessions.
via "Dark Reading".
Illinois Hospital Closure Showcases Ransomware's Existential Threat
St. Margaret's Health is shutting down due to a 2021 ransomware attack and other factors. It's an object lesson for how small and rural healthcare facilities face grave cyber-risk when extortionists come calling.
via "Dark Reading".
CVE-2023-26062
A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of the mobile network solution architecture. This means that exploitation is not possible from mobile network user UEs, from roaming networks, or from the Internet. Exploitation is possible only from a CSP (Communication Service Provider) mobile network solution internal BTS management network.
via "National Vulnerability Database".
CVE-2023-34565
Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" function.
via "National Vulnerability Database".
Russian APT 'Cadet Blizzard' Behind Ukraine Wiper Attacks
Microsoft says Cadet Blizzard wielded a custom wiper malware in the weeks leading up to Russia's invasion of Ukraine, and it remains capable of wanton destruction.
via "Dark Reading".
CVE-2023-34252
Grav is a file-based Web platform. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` function whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string. However, passing an array as a callable argument allows the validation check to be skipped. Consequently, a low privileged attacker with login access to Grav Admin panel and page creation/update permissions is able to inject malicious templates to obtain remote code execution. The vulnerability can be found in the `GravExtension.filterFilter()` function declared in `/system/src/Grav/Common/Twig/Extension/GravExtension.php`. Version 1.7.42 contains a patch for this issue. End users should also ensure that `twig.undefined_functions` and `twig.undefined_filters` properties in `/path/to/webroot/system/config/system.yaml` configuration file are set to `false` to disallow Twig from treating undefined filters/functions as PHP functions and executing them.
via "National Vulnerability Database".
CVE-2023-2819
A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary javascript code execution in an admin context. All versions prior to 5.10.0 are affected.
via "National Vulnerability Database".
Cryptocurrency Attacks Quadrupled as Cybercriminals Cash In
Attackers continue to attempt to steal Bitcoin and other virtual coins, with a 40% increase in phishing attacks and fourfold increase in incidents.
via "Dark Reading".
Network-Security Testing Standard Nears Prime Time
The evaluation of network-security appliances gained ground in May with a new draft of its testing and benchmarking guide, which could be adopted later this year.
NetSecOpen recently released a new draft of its testing and benchmarking guide, which could be adopted later this year.
via "Dark Reading".
CVE-2022-22307
IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753.
via "National Vulnerability Database".
CVE-2023-35029
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
via "National Vulnerability Database".
CVE-2022-32752
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439.
via "National Vulnerability Database".