βΌ CVE-2023-33289 βΌ
π Read
via "National Vulnerability Database".
The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs.π Read
via "National Vulnerability Database".
β Beware bad passwords as attackers co-opt Linux servers into cybercrime β
π Read
via "Naked Security".
Did you prevent password-only logins on your SSH servers? On ALL of them? Are you sure about that?π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β€1π1
β Apple patch fixes zero-day kernel hole reported by Kaspersky β update now! β
π Read
via "Naked Security".
Apple didn't use the words "Triangulation Trojan", but you probably will.π Read
via "Naked Security".
π΄ Ironscales Adds AI Assistant to Suss Out Phishing Attempts π΄
π Read
via "Dark Reading".
The company says its Themis Co-pilot for Outlook helps recipients discern business email compromise attacks, reducing false positives for security staff.π Read
via "Dark Reading".
Dark Reading
Ironscales Adds AI Assistant to Suss Out Phishing Attempts
The company says its Themis Co-pilot for Outlook helps recipients discern business email compromise attacks, reducing false positives for security staff.
βΌ CVE-2023-28956 βΌ
π Read
via "National Vulnerability Database".
IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. IBM X-Force ID: 251767.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33842 βΌ
π Read
via "National Vulnerability Database".
IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-28166 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <=Γ 1.0.0 versions.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-27413 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <=Γ 2.4.4 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29708 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload.π Read
via "National Vulnerability Database".
β€1
π΄ 2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign π΄
π Read
via "Dark Reading".
The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.π Read
via "Dark Reading".
Dark Reading
2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign
The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.
π΄ Lessons From a Pen Tester: 3 Steps to Stay Safer π΄
π Read
via "Dark Reading".
From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.π Read
via "Dark Reading".
Dark Reading
Lessons From a Pen Tester: 3 Steps to Stay Safer
From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.
βΌ CVE-2023-27452 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator Γ’β¬β easily Button Builder plugin <=Γ 2.3.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35093 βΌ
π Read
via "National Vulnerability Database".
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin Γ’β¬β for Online Courses and Education plugin <=Γ 3.0.8 versions allowsΓ any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order likeΓ email, username, and more.π Read
via "National Vulnerability Database".
β€1
π΄ IT Staff Increasingly Saddled With Data Protection Compliance π΄
π Read
via "Dark Reading".
Compliance, seen as a burden for businesses, is being passed to overloaded IT departments β leaving organizations unsure if they're compliant at all.π Read
via "Dark Reading".
Dark Reading
IT Staff Increasingly Saddled With Data Protection Compliance
Compliance, seen as a burden for businesses, is being passed to overloaded IT departments β leaving organizations unsure if they're compliant at all.
π΄ 6 Attack Surfaces You Must Protect π΄
π Read
via "Dark Reading".
More connectivity means more potential ways into your enterprise, so securing every main attack surface is imperative.π Read
via "Dark Reading".
Dark Reading
6 Attack Surfaces You Must Protect
More connectivity means more potential ways into your enterprise, so securing every main attack surface is imperative.
π΄ Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild π΄
π Read
via "Dark Reading".
A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.π Read
via "Dark Reading".
Dark Reading
Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild
A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.
βΌ CVE-2023-36362 βΌ
π Read
via "National Vulnerability Database".
An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36370 βΌ
π Read
via "National Vulnerability Database".
An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.π Read
via "National Vulnerability Database".
β S3 Ep140: So you think you know ransomware? β
π Read
via "Naked Security".
Lots to learn this week - listen now! (Full transcript inside.)π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ 5 Steps for Minimizing Dark Data Risk π΄
π Read
via "Dark Reading".
Dark data may be your most elusive asset, but it can also be your most costly if you don't protect it.π Read
via "Dark Reading".
Dark Reading
5 Steps for Minimizing Dark Data Risk
Dark data may be your most elusive asset, but it can also be your most costly if you don't protect it.
βΌ CVE-2023-2611 βΌ
π Read
via "National Vulnerability Database".
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.π Read
via "National Vulnerability Database".