βΌ CVE-2023-29708 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload.π Read
via "National Vulnerability Database".
β€1
π΄ 2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign π΄
π Read
via "Dark Reading".
The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.π Read
via "Dark Reading".
Dark Reading
2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign
The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.
π΄ Lessons From a Pen Tester: 3 Steps to Stay Safer π΄
π Read
via "Dark Reading".
From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.π Read
via "Dark Reading".
Dark Reading
Lessons From a Pen Tester: 3 Steps to Stay Safer
From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.
βΌ CVE-2023-27452 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator Γ’β¬β easily Button Builder plugin <=Γ 2.3.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35093 βΌ
π Read
via "National Vulnerability Database".
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin Γ’β¬β for Online Courses and Education plugin <=Γ 3.0.8 versions allowsΓ any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order likeΓ email, username, and more.π Read
via "National Vulnerability Database".
β€1
π΄ IT Staff Increasingly Saddled With Data Protection Compliance π΄
π Read
via "Dark Reading".
Compliance, seen as a burden for businesses, is being passed to overloaded IT departments β leaving organizations unsure if they're compliant at all.π Read
via "Dark Reading".
Dark Reading
IT Staff Increasingly Saddled With Data Protection Compliance
Compliance, seen as a burden for businesses, is being passed to overloaded IT departments β leaving organizations unsure if they're compliant at all.
π΄ 6 Attack Surfaces You Must Protect π΄
π Read
via "Dark Reading".
More connectivity means more potential ways into your enterprise, so securing every main attack surface is imperative.π Read
via "Dark Reading".
Dark Reading
6 Attack Surfaces You Must Protect
More connectivity means more potential ways into your enterprise, so securing every main attack surface is imperative.
π΄ Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild π΄
π Read
via "Dark Reading".
A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.π Read
via "Dark Reading".
Dark Reading
Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild
A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.
βΌ CVE-2023-36362 βΌ
π Read
via "National Vulnerability Database".
An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36370 βΌ
π Read
via "National Vulnerability Database".
An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.π Read
via "National Vulnerability Database".
β S3 Ep140: So you think you know ransomware? β
π Read
via "Naked Security".
Lots to learn this week - listen now! (Full transcript inside.)π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ 5 Steps for Minimizing Dark Data Risk π΄
π Read
via "Dark Reading".
Dark data may be your most elusive asset, but it can also be your most costly if you don't protect it.π Read
via "Dark Reading".
Dark Reading
5 Steps for Minimizing Dark Data Risk
Dark data may be your most elusive asset, but it can also be your most costly if you don't protect it.
βΌ CVE-2023-2611 βΌ
π Read
via "National Vulnerability Database".
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3256 βΌ
π Read
via "National Vulnerability Database".
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.π Read
via "National Vulnerability Database".
π΄ Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands π΄
π Read
via "Dark Reading".
The "nOAuth" attack allows cross-platform spoofing and full account takeovers, and enterprises need to remediate the issue immediately, researchers warn.π Read
via "Dark Reading".
Dark Reading
Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands
The "nOAuth" attack allows cross-platform spoofing and full account takeovers, and enterprises need to remediate the issue immediately, researchers warn.
βοΈ SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool βοΈ
π Read
via "Krebs on Security".
The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. "smishing") messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn't be shipped unless the customer paid an added delivery fee.π Read
via "Krebs on Security".
Krebs on Security
SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool
The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. "smishing") messages that spoofed UPS and other top brands.β¦
π΄ Even With No Recession, Smaller Firms Aim to Consolidate Security Tools π΄
π Read
via "Dark Reading".
Small and midsized companies work to jettison some security tools to simplify operations and reduce cost, even as any economic downturn continues to remain at bay.π Read
via "Dark Reading".
Dark Reading
Even With No Recession, Smaller Firms Aim to Consolidate Security Tools
Small and midsized companies work to jettison some security tools to simplify operations and reduce cost, even as any economic downturn continues to remain at bay.
π΄ Tanium Platform Advances Threat Identification Capabilities and Enhances Endpoint Reach π΄
π Read
via "Dark Reading".
Award-winning XEM platform introduces advanced SBOM capabilities, expanded ARM support, and additional Risk & Compliance improvements.π Read
via "Dark Reading".
Dark Reading
Tanium Platform Advances Threat Identification Capabilities and Enhances Endpoint Reach
Award-winning XEM platform introduces advanced SBOM capabilities, expanded ARM support, and additional Risk & Compliance improvements.
βΌ CVE-2023-36243 βΌ
π Read
via "National Vulnerability Database".
FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function at dump_xml.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34923 βΌ
π Read
via "National Vulnerability Database".
XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.π Read
via "National Vulnerability Database".
π΄ Former Duo Security Co-Founder Jon Oberheide Joins DNSFilter Board of Directors π΄
π Read
via "Dark Reading".
Cybersecurity expert and proven entrepreneur to help protective DNS leader drive vision and scale through hypergrowth.π Read
via "Dark Reading".
Dark Reading
Former Duo Security Co-Founder Jon Oberheide Joins DNSFilter Board of Directors
Cybersecurity expert and proven entrepreneur to help protective DNS leader drive vision and scale through hypergrowth.