CVE-2023-32229
via "National Vulnerability Database".
Due to an error in the software interface to the secure element chip on Bosch IP cameras of the CPP13 and CPP14 families, the chip can be permanently damaged when the Stream security option (signing of the video stream) is enabled with the MD5, SHA-1 or SHA-256 option.

Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes
via "Naked Security".
No zero-days this month, if you ignore the Edge RCE hole patched last week.

CVE-2023-3275
via "National Vulnerability Database".
A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view-pass-detail.php of the component POST Request Handler. The manipulation of the argument searchdata leads to SQL injection. The attack can be launched remotely. The identifier VDB-231625 was assigned to this vulnerability.

CVE-2023-25450
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in versions <= 2.25.1 of the GiveWP "GiveWP – Donation Plugin and Fundraising Platform" plugin.

Borderless Data vs. Data Sovereignty: Can They Co-Exist?
via "Dark Reading".
Organizations that remain compliant with data-sovereignty regulations while enabling cross-border data sharing gain significant competitive advantage because they can make quick, agile, and informed decisions.

'Shampoo' ChromeLoader Variant Difficult to Wash Out
via "Dark Reading".
A new version of the infamous browser extension is spreading through files on websites offering pirated wares, and leverages unique persistence mechanisms.

Angola Marks Technology Advancements With Cybersecurity Academy Plans
via "Dark Reading".
The academy is meant to ensure a safe and strong telecommunication service and information technologies for Angola's citizens, the president said.

CISA Order Highlights Persistent Risk at Network Edge
via "Krebs on Security".
The U.S. government agency in charge of improving the nation's cybersecurity posture is ordering all federal civilian agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

CVE-2023-24420
via "National Vulnerability Database".
Unauthenticated reflected Cross-Site Scripting (XSS) vulnerability in versions <= 1.1.1 of the Zestard Technologies "Admin side data storage for Contact Form 7" plugin.

CVE-2023-25055
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in versions <= 2.6.1 of the Amit Agarwal "Google XML Sitemap for Videos" plugin.

S3 Ep139: Are password rules like running through rain?
via "Naked Security".
Latest episode - listen now! (Full transcript inside.)

Free Training's Role in Cybersecurity
via "Dark Reading".
It's easy to find free training in cybersecurity, but is free the best option for entering the field?

CVE-2023-34666
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter.

CVE-2023-34453
via "National Vulnerability Database".
snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function `shuffle(int[] input)` in the file `BitShuffle.java` receives an array of integers and applies a bit shuffle on it. It does so by multiplying the length by 4 and passing it to the natively compiled shuffle function. Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. In the case of a negative value, a `java.lang.NegativeArraySizeException` exception will be raised, which can crash the program. In the case of a value that is zero or too small, the code that afterwards references the shuffled array will assume a bigger size of the array, which might cause exceptions such as `java.lang.ArrayIndexOutOfBoundsException`. The same issue also exists when using the `shuffle` functions that receive a double, float, long or short array, each using a different multiplier that may cause the same issue. Version 1.1.10.1 contains a patch for this vulnerability.

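The following is an added example written for this page, not snappy-java's own source; the method names (`unsafeByteLength`, `safeByteLength`) and the hardening style are assumptions, not the project's actual fix. It shows how the element count times the element width (2 for short, 4 for int/float, 8 for long/double) wraps in 32-bit `int` arithmetic, and how an explicit bound check rejects counts whose byte length does not fit in an `int` before any native buffer is sized from it:

```java
// Added example, not snappy-java code. Demonstrates the unchecked
// `length * width` overflow described in CVE-2023-34453 and a checked variant.
public class ShuffleLengthDemo {

    // Mirrors the vulnerable pattern: element count times element width,
    // computed in 32-bit int arithmetic with no range check.
    static int unsafeByteLength(int elementCount, int elementWidth) {
        return elementCount * elementWidth;
    }

    // Hardened variant (hypothetical): reject negative counts and any count
    // whose byte length would exceed Integer.MAX_VALUE.
    static int safeByteLength(int elementCount, int elementWidth) {
        if (elementCount < 0) {
            throw new IllegalArgumentException("negative element count: " + elementCount);
        }
        if (elementCount > Integer.MAX_VALUE / elementWidth) {
            throw new IllegalArgumentException(
                "byte length would overflow int: " + elementCount + " * " + elementWidth);
        }
        return elementCount * elementWidth; // equivalent to Math.multiplyExact here
    }

    public static void main(String[] args) {
        // Element widths of the shuffle overloads: short=2, int/float=4, long/double=8
        int[] widths = {2, 4, 8};
        for (int w : widths) {
            int count = Integer.MAX_VALUE / w + 1; // one past the largest safe count
            int wrapped = unsafeByteLength(count, w);
            System.out.printf("width %d, count %d -> unchecked byte length %d%n", w, count, wrapped);
            try {
                safeByteLength(count, w);
            } catch (IllegalArgumentException e) {
                System.out.println("  checked: " + e.getMessage());
            }
        }

        // 2^30 ints * 4 bytes = 2^32, which wraps to exactly 0: a zero-length
        // output buffer that later indexing will overrun (ArrayIndexOutOfBounds).
        System.out.println("2^30 ints * 4 -> " + unsafeByteLength(0x40000000, 4));

        // 3 * 2^28 ints * 4 bytes = 3 * 2^30, which wraps negative: sizing an
        // array from it raises NegativeArraySizeException.
        int negative = unsafeByteLength(0x30000000, 4);
        System.out.println("3*2^28 ints * 4 -> " + negative);
        try {
            byte[] buf = new byte[negative];
            System.out.println("allocated " + buf.length + " bytes");
        } catch (NegativeArraySizeException e) {
            System.out.println("  new byte[" + negative + "] -> NegativeArraySizeException");
        }
    }
}
```

The check `elementCount > Integer.MAX_VALUE / elementWidth` is the usual overflow guard for a product of two non-negative ints; `Math.multiplyExact` (Java 8+) gives the same guarantee and throws `ArithmeticException` instead. Either way the point is that the length must be validated before it reaches the native side, which cannot recover from a wrapped size.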
CVE-2023-21141
via "National Vulnerability Database".
In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-262244249.

CVE-2023-21124
via "National Vulnerability Database".
In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-265798353.

CVE-2023-29322
via "National Vulnerability Database".
Adobe Experience Manager versions 6.5.16.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Vulcan Cyber Is a Launch Partner for Wiz Integrations (WIN) Platform
via "Dark Reading".
Vulcan Connector for Wiz enables mutual customers to reduce cloud risk at scale.

Critical Barracuda ESG Zero-Day Linked to Novel Chinese APT
via "Dark Reading".
A PRC-aligned actor used a trio of custom malware to take advantage of inherent weaknesses in edge appliances.

Coalition Releases Security Vulnerability Exploit Scoring System
via "Dark Reading".
Coalition ESS uses AI to generate dynamic risk scores to help organizations mitigate their most critical risks faster.

Action1 Announces $20M Investment in Its Patch Management Platform
via "Dark Reading".
The company aims to empower enterprises to securely manage their endpoints and remediate vulnerabilities from the cloud, enabling a work-from-anywhere environment with confidence.