CVE-2023-36243
via "National Vulnerability Database".
FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function at dump_xml.c.
CVE-2023-34923
via "National Vulnerability Database".
XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.
Former Duo Security Co-Founder Jon Oberheide Joins DNSFilter Board of Directors
via "Dark Reading".
Cybersecurity expert and proven entrepreneur to help protective DNS leader drive vision and scale through hypergrowth.
Sumsub Launches Advanced Deepfakes Detector
via "Dark Reading".
Full-cycle verification platform enhances its facial biometrics verification with innovative deepfake detection technology; shares new 2023 identity fraud trends.
Growing SaaS Usage Means Larger Attack Surface
via "Dark Reading".
Software-as-a-service expands an organization's attack surface, and security teams need to understand how to address those risks.
Software-as-a-service has its benefits, but abandoned SaaS integrations and idle data sharing introduce risk to the enterprise.
Job Seekers, Look Out for Job Scams
via "Dark Reading".
Scammers are setting out lures for people looking for work. If a position sounds too good to be true, it probably is.
CVE-2023-3128
via "National Vulnerability Database".
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
CVE-2023-2991
via "National Vulnerability Database".
Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the harddrive that Globalscape is installed on can be remotely determined via a "trial extension request" message.
CVE-2023-34110
via "National Vulnerability Database".
Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges could, by adding a special character on the add/edit User forms, trigger a database error; this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row, including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2.
CVE-2023-34462
via "National Vulnerability Database".
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the server name indicated by the `ClientHello` record. For this purpose it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet, but there are no checks done here and, the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CVE-2023-36192
via "National Vulnerability Database".
Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c.
CVE-2023-31469
via "National Vulnerability Database".
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0.
CVE-2023-23344
via "National Vulnerability Database".
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page.
CVE-2023-28027
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
CVE-2023-28031
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
CVE-2023-3381
via "National Vulnerability Database".
A vulnerability classified as problematic was found in SourceCodester Online School Fees System 1.0. Affected by this vulnerability is an unknown functionality of the file /paysystem/datatable.php of the component GET Parameter Handler. The manipulation of the argument doj leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-232237 was assigned to this vulnerability.
CVE-2023-28034
via "National Vulnerability Database".
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
EU regulators are digging their heels in despite big tech's Data Act pushback
via "ITPro".
EU regulators are no strangers to big tech regulatory pushback, so why do companies still persist?
"Borderline irresponsible" attitude to third party risks must change, says expert
via "ITPro".
Firms that don't interrogate their supply chains could face the consequences.
Millions of Repos on GitHub Are Potentially Vulnerable to Hijacking
via "Dark Reading".
Many organizations are unwittingly exposing users of their code repositories to repojacking when renaming projects, a new study shows.
Deception Technologies Have a Maturity Problem
via "Dark Reading".
While there's plenty of upside to rolling out deception technologies, it's not clear if cybersecurity leaders, or their organizations, are ready for them.