🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 Free Training's Role in Cybersecurity 🕴

It's easy to find free training in cybersecurity, but is free the best option for entering the field?

via "Dark Reading".
‼ CVE-2023-34666 ‼

Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter.

via "National Vulnerability Database".
‼ CVE-2023-34453 ‼

snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing a fatal error. The function `shuffle(int[] input)` in the file `BitShuffle.java` receives an array of integers and applies a bit shuffle on it. It does so by multiplying the length by 4 and passing it to the natively compiled shuffle function. Since the length is not tested, the multiplication by four can cause an integer overflow and become a smaller value than the true size, or even zero or negative. In the case of a negative value, a `java.lang.NegativeArraySizeException` exception will be raised, which can crash the program. In the case of a value that is zero or too small, the code that afterwards references the shuffled array will assume a bigger size of the array, which might cause exceptions such as `java.lang.ArrayIndexOutOfBoundsException`. The same issue also exists when using the `shuffle` functions that receive a double, float, long and short, each using a different multiplier that may cause the same issue. Version 1.1.10.1 contains a patch for this vulnerability.

via "National Vulnerability Database".
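The arithmetic behind this advisory, as an added example in Python (not snappy-java's own code). Python integers never overflow, so `java_int_mul` wraps products into Java's signed 32-bit range to reproduce what `length * 4` does inside `BitShuffle.shuffle(int[])`; the element widths are the Java type sizes (short 2, int/float 4, long/double 8 bytes). The helper names, the sample lengths and the guard in `checked_byte_length` are this example's own, not the code of the 1.1.10.1 patch.

```python
# Added example (not snappy-java's code): emulate Java int arithmetic to show how
# the unchecked `length * width` in BitShuffle.shuffle wraps, and the guard a
# fixed version needs. Helper names and sample values are this example's own.

INT_MAX = 2 ** 31 - 1

def java_int_mul(a: int, b: int) -> int:
    """Multiply like a Java `int`: wrap the product into [-2^31, 2^31 - 1]."""
    return (a * b + 2 ** 31) % 2 ** 32 - 2 ** 31

# Byte widths of the element types the shuffle overloads accept (Java type sizes).
WIDTH = {"short": 2, "int": 4, "float": 4, "long": 8, "double": 8}

def unchecked_byte_length(length: int, elem: str = "int") -> int:
    """Vulnerable computation: byte count = length * width, wrapping like Java."""
    return java_int_mul(length, WIDTH[elem])

def checked_byte_length(length: int, elem: str = "int") -> int:
    """Hardened computation: refuse lengths whose byte count cannot fit an int."""
    width = WIDTH[elem]
    if length < 0 or length > INT_MAX // width:
        raise ValueError(
            f"{elem}[] of length {length}: byte length would overflow int")
    return length * width

def classify(length: int, elem: str = "int") -> str:
    """Describe what the wrapped value does downstream in the vulnerable code."""
    wrapped = unchecked_byte_length(length, elem)
    true_size = length * WIDTH[elem]
    if wrapped < 0:
        return "negative: NegativeArraySizeException when the output array is allocated"
    if wrapped < true_size:
        return "too small: later indexing overruns it (ArrayIndexOutOfBoundsException)"
    return "ok"

if __name__ == "__main__":
    # Sample lengths (constructed): a normal one, one that wraps negative,
    # one that wraps to exactly zero, and one that wraps to a tiny positive.
    for n in (10, 2 ** 29, 2 ** 30, 2 ** 30 + 1):
        print(f"length={n:<11} int*4 -> {unchecked_byte_length(n):>12}  {classify(n)}")
        try:
            checked_byte_length(n)
        except ValueError as err:
            print("  guarded version rejects it:", err)
```

The boundary is `INT_MAX // width`: for `int[]` that is 2^29 - 1 elements, so a 2^29-element array is the first one whose byte length wraps, and it wraps straight to `Integer.MIN_VALUE`. The `long`/`double` overloads hit the boundary at 2^28 - 1 elements because their multiplier is 8.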
‼ CVE-2023-21141 ‼

In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-262244249

via "National Vulnerability Database".
‼ CVE-2023-21124 ‼

In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-265798353

via "National Vulnerability Database".
‼ CVE-2023-29322 ‼

Adobe Experience Manager versions 6.5.16.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

via "National Vulnerability Database".
🕴 Vulcan Cyber Is a Launch Partner for Wiz Integrations (WIN) Platform 🕴

Vulcan Connector for Wiz enables mutual customers to reduce cloud risk at scale.

via "Dark Reading".
🕴 Critical Barracuda ESG Zero-Day Linked to Novel Chinese APT 🕴

A PRC-aligned actor used a trio of custom malware to take advantage of inherent weaknesses in edge appliances.

via "Dark Reading".
🕴 Coalition Releases Security Vulnerability Exploit Scoring System 🕴

Coalition ESS uses AI to generate dynamic risk scores to help organizations mitigate their most critical risks faster.

via "Dark Reading".
🕴 Action1 Announces $20M Investment in Its Patch Management Platform 🕴

The company aims to empower enterprises to securely manage their endpoints and remediate vulnerabilities from the cloud, enabling a work-from-anywhere environment with confidence.

via "Dark Reading".
⚠ MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately” ⚠

Twice more unto the breach... A patch is being tested; in the meantime, shut down web access.

via "Naked Security".
‼ CVE-2023-24032 ‼

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of the JVM arguments, leading to local privilege escalation (LPE).

via "National Vulnerability Database".
‼ CVE-2023-33243 ‼

RedTeam Pentesting discovered that the web interface of STARFACE, as well as its REST API, allows authentication using the SHA512 hash of the password instead of the cleartext password. Storing password hashes rather than cleartext passwords in an application's database has become best practice because it protects users' passwords if the database is compromised; that protection is rendered ineffective when the stored hash itself is accepted as a credential, since anyone holding the leaked hash can log in without ever recovering the password.

via "National Vulnerability Database".
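The difference between a check that hashes what the client sent and one that also accepts the stored hash as a credential, as an added example in Python (not STARFACE's code, and not how RedTeam Pentesting's advisory says the flaw is implemented). The user record is constructed, the server is assumed to store an unsalted SHA-512 hex digest as the advisory describes, and the dual-accept logic in `verify_vulnerable` is one plausible way such a bug arises, stated here as an assumption.

```python
# Added example (not STARFACE's code): why accepting sha512(password) in place of
# the password turns every leaked hash into a working credential.
import hashlib
import hmac

# Constructed user record (assumption: the server stores sha512(password) hex).
USERS = {"alice": hashlib.sha512(b"correct horse battery staple").hexdigest()}

def sha512_hex(value: str) -> str:
    return hashlib.sha512(value.encode()).hexdigest()

def verify_vulnerable(username: str, submitted: str) -> bool:
    """Accepts either the cleartext password or its SHA-512 hex digest.

    The second branch is the assumed bug: the stored hash is treated as a
    credential, so a database leak is a credential leak (pass-the-hash).
    """
    stored = USERS.get(username)
    if stored is None:
        return False
    if hmac.compare_digest(submitted, stored):  # raw hash accepted as-is
        return True
    return hmac.compare_digest(sha512_hex(submitted), stored)

def verify_fixed(username: str, submitted: str) -> bool:
    """Only ever hashes what the client sent; a leaked digest is not a password.

    (A real deployment should also use a salted, slow password hash such as
    scrypt or Argon2 instead of plain SHA-512; that is a separate fix.)
    """
    stored = USERS.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(sha512_hex(submitted), stored)

def leaked_hash_logs_in(verify, username: str) -> bool:
    """Simulate an attacker who holds only the database row, not the password."""
    return verify(username, USERS[username])

if __name__ == "__main__":
    for name, verify in (("vulnerable", verify_vulnerable), ("fixed", verify_fixed)):
        print(f"{name:<10} real password: {verify('alice', 'correct horse battery staple')}"
              f"  leaked hash: {leaked_hash_logs_in(verify, 'alice')}")
```

The same test, run against a real system, is the detection: submit the hex digest of a known password in the password field; if the login succeeds, the hash is a credential and the database's hashing buys nothing against an attacker who has read it.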
🕴 How Do I Protect My API Keys From Appearing in GitHub Search Results? 🕴

A few lines of code can help you prevent accidental exposure, manage sensitive information, and maintain different configurations for various environments.

via "Dark Reading".
‼ CVE-2023-28810 ‼

Some access control/intercom products have a vulnerability that allows unauthorized modification of the device's network configuration. Attackers on the same local network can modify the device network configuration by sending specific data packets to the vulnerable interface.

via "National Vulnerability Database".
‼ CVE-2023-2080 ‼

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection.

via "National Vulnerability Database".
‼ CVE-2023-32025 ‼

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

via "National Vulnerability Database".
‼ CVE-2023-29349 ‼

Microsoft ODBC and OLE DB Remote Code Execution Vulnerability

via "National Vulnerability Database".
‼ CVE-2023-32027 ‼

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

via "National Vulnerability Database".
‼ CVE-2023-34845 ‼

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file.

via "National Vulnerability Database".
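A server-side check an upload handler can run before accepting a file as an SVG, as an added example in Python (not Bludit's code and not its fix). SVG is XML, so a browser that renders it inline will run `<script>` elements, `on*` event handlers and `javascript:` links just as in HTML; the filter below parses the upload and rejects those constructs. The function names and the two constructed SVGs are this example's own; rejecting any DOCTYPE is a deliberate choice because the standard-library parser is not hardened against entity tricks.

```python
# Added example (not Bludit's code): reject SVG uploads that carry active content.
import xml.etree.ElementTree as ET

# Elements that execute script or embed foreign (HTML) content when rendered inline.
DANGEROUS_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}

def _local(name: str) -> str:
    """Strip an XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()

def find_active_content(svg_bytes: bytes) -> list:
    """Return a list of reasons to reject the file; empty means nothing was found."""
    head = svg_bytes.lstrip()[:512].lower()
    if b"<!doctype" in head or b"<!entity" in head:
        # Design choice: refuse to parse declarations at all (XXE / billion laughs).
        return ["DOCTYPE or ENTITY declaration present"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as err:
        return [f"not well-formed XML: {err}"]
    findings = []
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for el in root.iter():  # includes the root element itself
        tag = _local(el.tag)
        if tag in DANGEROUS_TAGS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr)  # handles xlink:href as well as plain href
            if name.startswith("on"):
                findings.append(f"<{tag}> event handler attribute {name}")
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(f"<{tag}> href with javascript: scheme")
    return findings

def svg_is_safe(svg_bytes: bytes) -> bool:
    return not find_active_content(svg_bytes)

# Constructed samples: a plain drawing, and one with three kinds of active content.
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
              b'<circle cx="5" cy="5" r="4"/></svg>')
MALICIOUS_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
                 b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.domain)">'
                 b'<a xlink:href="javascript:alert(1)"><text x="1" y="10">hi</text></a>'
                 b'<script>alert(1)</script></svg>')

if __name__ == "__main__":
    for label, data in (("benign", BENIGN_SVG), ("malicious", MALICIOUS_SVG)):
        print(label, "safe" if svg_is_safe(data) else find_active_content(data))
```

A filter like this is a second line, not the first: uploads should also be served with `Content-Disposition: attachment` or from a separate origin, so that even an SVG that slips through cannot run script in the application's origin.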
‼ CVE-2023-32026 ‼

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

via "National Vulnerability Database".