βΌ CVE-2023-34154 βΌ
π Read
via "National Vulnerability Database".
Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2786 βΌ
π Read
via "National Vulnerability Database".
Mattermost fails to properly check theΓ permissions when executing commands allowing a member with no permissionsΓ to post a message in a channel to actually post it by executing channel commands.π Read
via "National Vulnerability Database".
π’ Latest arrest places LockBit firmly in the crosshairs of international cyber police π’
π Read
via "ITPro".
The threat group could be set for a fate reminiscent of REvil π Read
via "ITPro".
ITPro
Latest arrest places LockBit firmly in the crosshairs of international cyber police
The threat group could be set for a fate reminiscent of REvil
βΌ CVE-2023-2785 βΌ
π Read
via "National Vulnerability Database".
Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation ofΓ large log filesπ Read
via "National Vulnerability Database".
βΌ CVE-2023-2793 βΌ
π Read
via "National Vulnerability Database".
Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message.π Read
via "National Vulnerability Database".
π1
π΄ HashiCorp Expands PAM, Secrets Management Capabilities π΄
π Read
via "Dark Reading".
The new privileged access management and secrets management capabilities tackles access issues and secret sprawl across the cloud environment.π Read
via "Dark Reading".
Dark Reading
HashiCorp Expands PAM, Secrets Management Capabilities
The new privileged access management and secrets management capabilities tackles access issues and secret sprawl across the cloud environment.
π΄ Cybercrime Doesn't Take a Vacation π΄
π Read
via "Dark Reading".
Organizations need to prepare for security threats as summer holidays approach.π Read
via "Dark Reading".
Dark Reading
Cybercrime Doesn't Take a Vacation
Organizations need to prepare for security threats as summer holidays approach.
βΌ CVE-2023-26537 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nicolly WP No External Links plugin <=Γ 1.0.2 versions.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-26527 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIndeed Debug Assistant plugin <=Γ 1.4 versions.π Read
via "National Vulnerability Database".
β€2
π΄ Attackers Create Synthetic Security Researchers to Steal IP π΄
π Read
via "Dark Reading".
Threat groups created a fake security company, "High Sierra," with faux exploits and fake profiles for security researchers on GitHub and elsewhere, aiming to get targets to install their malware.π Read
via "Dark Reading".
Dark Reading
Attackers Create Synthetic Security Researchers to Steal IP
Threat groups created a fake security company, "High Sierra," with faux exploits and fake profiles for security researchers on GitHub and elsewhere, aiming to get targets to install their malware.
βΌ CVE-2023-35783 βΌ
π Read
via "National Vulnerability Database".
The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data.π Read
via "National Vulnerability Database".
β€1
π΄ Dodgy Microlending Apps Stalk MEA Users, Highlighting Cyber Maturity Gaps π΄
π Read
via "Dark Reading".
Mobile users in the Middle East and Africa often download moneylending apps that ask for excessive permissions β an all too common issue in an area where mobile-only is common and cyber awareness is low.π Read
via "Dark Reading".
Dark Reading
Dodgy Microlending Apps Stalk MEA Users, Highlighting Cyber Maturity Gaps
Mobile users in the Middle East and Africa often download moneylending apps that ask for excessive permissions β an all too common issue in an area where mobile-only is the norm and cyber awareness is low.
π Suricata IDPE 6.0.13 π
π Read
via "Packet Storm Security".
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.π Read
via "Packet Storm Security".
Packetstormsecurity
Suricata IDPE 6.0.13 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2023-30453 βΌ
π Read
via "National Vulnerability Database".
The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34733 βΌ
π Read
via "National Vulnerability Database".
A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle's USB plug and play feature.π Read
via "National Vulnerability Database".
π΄ Third MOVEit Transfer Vulnerability Disclosed by Progress Software π΄
π Read
via "Dark Reading".
MOVEit has created a patch to fix the issue and urges customers to take action to protect their environments, as Cl0p attacks on the service continue to mount.π Read
via "Dark Reading".
Dark Reading
Third MOVEit Transfer Vulnerability Disclosed by Progress Software
MOVEit has created a patch to fix the issue and urges customers to take action to protect their environments, as Cl0p attacks continue to mount, including on government targets.
π΄ Security LeadHER Wraps Groundbreaking Inaugural Conference for Women in Security π΄
π Read
via "Dark Reading".
This first-ever event, hosted by the Security Industry Association and ASIS International and designed to advance, connect, and empower women in security, gathered hundreds of industry leaders in Nashville June 12-13, 2023.π Read
via "Dark Reading".
Dark Reading
Security LeadHER Wraps Groundbreaking Inaugural Conference for Women in Security
This first-ever event, hosted by the Security Industry Association and ASIS International and designed to advance, connect, and empower women in security, gathered hundreds of industry leaders in Nashville June 12-13, 2023.
π΄ Killnet Threatens Imminent SWIFT, World Banking Attacks π΄
π Read
via "Dark Reading".
The DDoS collective claims to be teaming up with ReVIL and Anonymous Sudan for destructive financial attacks in retaliation for US aid in Ukraine, but the partnerships (and danger) are far from verified.π Read
via "Dark Reading".
Dark Reading
Killnet Threatens Imminent SWIFT, World Banking Attacks
The DDoS collective claims to be teaming up with ReVIL and Anonymous Sudan for destructive financial attacks in retaliation for US aid in Ukraine, but the partnerships (and danger) are far from verified.
π1
βΌ CVE-2023-34645 βΌ
π Read
via "National Vulnerability Database".
jfinal CMS 5.1.0 has an arbitrary file read vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34660 βΌ
π Read
via "National Vulnerability Database".
jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.π Read
via "National Vulnerability Database".
π΄ Getting Over the DNS Security Awareness Gap π΄
π Read
via "Dark Reading".
To properly secure DNS infrastructure, organizations need strong security hygiene around DNS infrastructure and records management as well as closely monitoring and filtering DNS traffic.π Read
via "Dark Reading".
Dark Reading
Getting Over the DNS Security Awareness Gap
To properly secure DNS infrastructure, organizations need strong security hygiene and records management, as well as DNS traffic monitoring and filtering.