🕴 HashiCorp Expands PAM, Secrets Management Capabilities 🕴
via "Dark Reading".
The new privileged access management and secrets management capabilities tackle access issues and secret sprawl across the cloud environment.
🕴 Cybercrime Doesn't Take a Vacation 🕴
via "Dark Reading".
Organizations need to prepare for security threats as summer holidays approach.
‼ CVE-2023-26537 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nicolly WP No External Links plugin <= 1.0.2 versions.
‼ CVE-2023-26527 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions.
🕴 Attackers Create Synthetic Security Researchers to Steal IP 🕴
via "Dark Reading".
Threat groups created a fake security company, "High Sierra," with faux exploits and fake profiles for security researchers on GitHub and elsewhere, aiming to get targets to install their malware.
‼ CVE-2023-35783 ‼
via "National Vulnerability Database".
The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data.
🕴 Dodgy Microlending Apps Stalk MEA Users, Highlighting Cyber Maturity Gaps 🕴
via "Dark Reading".
Mobile users in the Middle East and Africa often download moneylending apps that ask for excessive permissions — an all too common issue in an area where mobile-only is common and cyber awareness is low.
🛠 Suricata IDPE 6.0.13 🛠
via "Packet Storm Security".
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
‼ CVE-2023-30453 ‼
via "National Vulnerability Database".
The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter.
‼ CVE-2023-34733 ‼
via "National Vulnerability Database".
A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle's USB plug and play feature.
🕴 Third MOVEit Transfer Vulnerability Disclosed by Progress Software 🕴
via "Dark Reading".
MOVEit has created a patch to fix the issue and urges customers to take action to protect their environments, as Cl0p attacks on the service continue to mount, including on government targets.
🕴 Security LeadHER Wraps Groundbreaking Inaugural Conference for Women in Security 🕴
via "Dark Reading".
This first-ever event, hosted by the Security Industry Association and ASIS International and designed to advance, connect, and empower women in security, gathered hundreds of industry leaders in Nashville June 12-13, 2023.
🕴 Killnet Threatens Imminent SWIFT, World Banking Attacks 🕴
via "Dark Reading".
The DDoS collective claims to be teaming up with ReVIL and Anonymous Sudan for destructive financial attacks in retaliation for US aid in Ukraine, but the partnerships (and danger) are far from verified.
‼ CVE-2023-34645 ‼
via "National Vulnerability Database".
jfinal CMS 5.1.0 has an arbitrary file read vulnerability.
‼ CVE-2023-34660 ‼
via "National Vulnerability Database".
jeecg-boot V3.5.0 has an unauthorized arbitrary file upload in the /jeecg-boot/jmreport/upload interface.
🕴 Getting Over the DNS Security Awareness Gap 🕴
via "Dark Reading".
To properly secure DNS infrastructure, organizations need strong security hygiene around DNS infrastructure and records management, as well as close monitoring and filtering of DNS traffic.
‼ CVE-2023-35790 ‼
via "National Vulnerability Database".
An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.
‼ CVE-2023-33438 ‼
via "National Vulnerability Database".
A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML.
‼ CVE-2023-34459 ‼
via "National Vulnerability Database".
OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the `verifyMultiProof`, `verifyMultiProofCalldata`, `processMultiProof`, or `processMultiProofCalldata` functions are in use, it is possible to construct merkle trees that allow forging a valid multiproof for an arbitrary set of leaves.
A contract may be vulnerable if it uses multiproofs for verification and the merkle tree that is processed includes a node with value 0 at depth 1 (just under the root). This could happen inadvertently for balanced trees with 3 leaves or less, if the leaves are not hashed. This could happen deliberately if a malicious tree builder includes such a node in the tree.
A contract is not vulnerable if it uses single-leaf proving (`verify`, `verifyCalldata`, `processProof`, or `processProofCalldata`), or if it uses multiproofs with a known tree that has hashed leaves. Standard merkle trees produced or validated with the @openzeppelin/merkle-tree library are safe.
The problem has been patched in version 4.9.2. Some workarounds are available for those using multiproofs: when constructing merkle trees, hash the leaves and do not insert empty nodes in your trees (using the @openzeppelin/merkle-tree package eliminates this issue); do not accept user-provided merkle roots without reconstructing at least the first level of the tree; verify the merkle tree structure by reconstructing it from the leaves.
‼ CVE-2023-28287 ‼
via "National Vulnerability Database".
Microsoft Publisher Remote Code Execution Vulnerability
‼ CVE-2023-35811 ‼
via "National Vulnerability Database".
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can be used for exploitation. Editions other than Enterprise are also affected.