π΄ Ironscales Adds AI Assistant to Suss Out Phishing Attempts π΄
π Read
via "Dark Reading".
The company says its Themis Co-pilot for Outlook helps recipients discern business email compromise attacks, reducing false positives for security staff.π Read
via "Dark Reading".
Dark Reading
Ironscales Adds AI Assistant to Suss Out Phishing Attempts
The company says its Themis Co-pilot for Outlook helps recipients discern business email compromise attacks, reducing false positives for security staff.
βΌ CVE-2023-28956 βΌ
π Read
via "National Vulnerability Database".
IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. IBM X-Force ID: 251767.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33842 βΌ
π Read
via "National Vulnerability Database".
IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-28166 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <=Γ 1.0.0 versions.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-27413 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <=Γ 2.4.4 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29708 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload.π Read
via "National Vulnerability Database".
β€1
π΄ 2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign π΄
π Read
via "Dark Reading".
The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.π Read
via "Dark Reading".
Dark Reading
2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign
The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.
π΄ Lessons From a Pen Tester: 3 Steps to Stay Safer π΄
π Read
via "Dark Reading".
From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.π Read
via "Dark Reading".
Dark Reading
Lessons From a Pen Tester: 3 Steps to Stay Safer
From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.
βΌ CVE-2023-27452 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator Γ’β¬β easily Button Builder plugin <=Γ 2.3.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35093 βΌ
π Read
via "National Vulnerability Database".
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin Γ’β¬β for Online Courses and Education plugin <=Γ 3.0.8 versions allowsΓ any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order likeΓ email, username, and more.π Read
via "National Vulnerability Database".
β€1
π΄ IT Staff Increasingly Saddled With Data Protection Compliance π΄
π Read
via "Dark Reading".
Compliance, seen as a burden for businesses, is being passed to overloaded IT departments β leaving organizations unsure if they're compliant at all.π Read
via "Dark Reading".
Dark Reading
IT Staff Increasingly Saddled With Data Protection Compliance
Compliance, seen as a burden for businesses, is being passed to overloaded IT departments β leaving organizations unsure if they're compliant at all.
π΄ 6 Attack Surfaces You Must Protect π΄
π Read
via "Dark Reading".
More connectivity means more potential ways into your enterprise, so securing every main attack surface is imperative.π Read
via "Dark Reading".
Dark Reading
6 Attack Surfaces You Must Protect
More connectivity means more potential ways into your enterprise, so securing every main attack surface is imperative.
π΄ Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild π΄
π Read
via "Dark Reading".
A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.π Read
via "Dark Reading".
Dark Reading
Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild
A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.
βΌ CVE-2023-36362 βΌ
π Read
via "National Vulnerability Database".
An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36370 βΌ
π Read
via "National Vulnerability Database".
An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.π Read
via "National Vulnerability Database".
β S3 Ep140: So you think you know ransomware? β
π Read
via "Naked Security".
Lots to learn this week - listen now! (Full transcript inside.)π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ 5 Steps for Minimizing Dark Data Risk π΄
π Read
via "Dark Reading".
Dark data may be your most elusive asset, but it can also be your most costly if you don't protect it.π Read
via "Dark Reading".
Dark Reading
5 Steps for Minimizing Dark Data Risk
Dark data may be your most elusive asset, but it can also be your most costly if you don't protect it.
βΌ CVE-2023-2611 βΌ
π Read
via "National Vulnerability Database".
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3256 βΌ
π Read
via "National Vulnerability Database".
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.π Read
via "National Vulnerability Database".
π΄ Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands π΄
π Read
via "Dark Reading".
The "nOAuth" attack allows cross-platform spoofing and full account takeovers, and enterprises need to remediate the issue immediately, researchers warn.π Read
via "Dark Reading".
Dark Reading
Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands
The "nOAuth" attack allows cross-platform spoofing and full account takeovers, and enterprises need to remediate the issue immediately, researchers warn.
βοΈ SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool βοΈ
π Read
via "Krebs on Security".
The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. "smishing") messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn't be shipped unless the customer paid an added delivery fee.π Read
via "Krebs on Security".
Krebs on Security
SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool
The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. "smishing") messages that spoofed UPS and other top brands.β¦