CVE-2023-35166
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to execute arbitrary wiki content with the rights of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.
An Analyst View of Gartner Security & Risk Management Summit 2023
via "Dark Reading".
As a former Gartner analyst, it was interesting to be on the other side, listening as others explored the impact of CEO and CIO priorities on security.
CVE-2023-34340
via "National Vulnerability Database".
Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo. This issue affects Apache Accumulo: 2.1.0. Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1.
ASUS warns router customers: Patch now, or block all inbound requests
via "Naked Security".
"Do as we say, not as we do!" - The patches took ages to come out, but don't let that lure you into taking ages to install them.
Standardized information sharing framework 'essential' for improving cyber security
via "ITPro".
Companies are already weathering the cyber storm, but more can be done to help recovery, experts say.
CVE-2023-34981
via "National Vulnerability Database".
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request, leading to an information leak.
"The Ransomware Documentary" - brand new video series from Sophos starting now!
via "Naked Security".
Get the full 360-degree view of ransomware.
Placing People & Realism at the Center of Your Cybersecurity Strategy
via "Dark Reading".
While it's impossible for an organization to be completely secure, there's no reason to be defenseless.
CVE-2023-27450
via "National Vulnerability Database".
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions.
CVE-2023-27443
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin <= 2.9.1 versions.
CVE-2023-27432
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimpleTools Manage Upload Limit plugin <= 1.0.4 versions.
Cyberattacks on OT, ICS Lay Groundwork for Kinetic Warfare
via "Dark Reading".
Organizations need to start taking critical infrastructure threats seriously, as they could be a precursor to future, hybrid cyber-kinetic warfare attacks, experts warn.
Beware bad passwords as attackers co-opt Linux servers into cybercrime
via "Naked Security".
Did you prevent password-only logins on your SSH servers? On ALL of them? Are you sure about that?
Emerging Ransomware Group 8Base Doxxes SMBs Globally
via "Dark Reading".
A threat you've never heard of is using double extortion attacks on mom-and-pop shops around the globe.
CVE-2023-0026
via "National Vulnerability Database".
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround. This issue affects: Juniper Networks Junos OS 15.1R1 and later versions prior to 20.4R3-S8; 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.2R3-S2; 22.4 versions prior to 22.4R2-S1, 22.4R3; 23.1 versions prior to 23.1R1-S1, 23.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S8-EVO; 21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO; 21.3 versions prior to 21.3R3-S5-EVO; 21.4 versions prior to 21.4R3-S4-EVO; 22.1 versions prior to 22.1R3-S4-EVO; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; 23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO.
CVE-2023-2911
via "National Vulnerability Database".
If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
Why Malware Crypting Services Deserve More Scrutiny
via "Krebs on Security".
If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or "crypt" your malware so that it appears benign to antivirus and security products. In fact, the process of "crypting" malware is sufficiently complex and time-consuming that most serious cybercrooks will outsource this critical function to a handful of trusted third parties. This story explores the history and identity behind Cryptor[.]biz, a long-running crypting service that is trusted by some of the biggest names in cybercrime.
SMB Edge Devices Walloped With Asus, Zyxel Patch Warnings
via "Dark Reading".
A slew of critical advisories this week showcase an exploding edge device attack surface for SMBs, which have limited cybersecurity protection, visibility, and maintenance available.
Keep Job Scams From Hurting Your Organization
via "Dark Reading".
From fake job listings that ding your reputation to fake job applicants who hack your network, job scams are a major threat.
Ransomware Misconceptions Abound, To the Benefit of Attackers
via "Dark Reading".
INFOSEC23, London: It's time to update what we think we understand about ransomware, including new defensive measures and how fast the attack response should be.
New DOJ Cyber Prosecution Team Will Go After Nation-State Threat Actors
via "Dark Reading".
The US Department of Justice adds litigators under its National Security Division to take on sophisticated cyber threats from adversarial nation-states.