βΌ CVE-2023-3423 βΌ
π Read
via "National Vulnerability Database".
Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0.π Read
via "National Vulnerability Database".
π΄ Preventing Cyberattacks on Schools Starts With Kβ12 Cybersecurity Education π΄
π Read
via "Dark Reading".
By investing in a strong future cybersecurity workforce, we can prevent future attacks on US critical infrastructure before they occur.π Read
via "Dark Reading".
Dark Reading
Preventing Cyberattacks on Schools Starts With Kβ12 Cybersecurity Education
By investing in a strong future cybersecurity workforce, we can prevent future attacks on US critical infrastructure before they occur.
βΌ CVE-2023-34395 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider.In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution.Starting version 4.0.0 driver can be set only from the hook constructor.This issue affects Apache Airflow ODBC Provider: before 4.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35798 βΌ
π Read
via "National Vulnerability Database".
Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.ThisΓ vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specificallyΓ updating the connection to exploit it.This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1.It is recommended toΓ upgrade to a version that is not affectedπ Read
via "National Vulnerability Database".
β€1
π Proxmark3 4.16717 Custom Firmware π
π Read
via "Packet Storm Security".
This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware.π Read
via "Packet Storm Security".
Packetstormsecurity
Proxmark3 4.16717 Custom Firmware β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2023-0873 βΌ
π Read
via "National Vulnerability Database".
The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".
βΌ CVE-2023-1166 βΌ
π Read
via "National Vulnerability Database".
The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).π Read
via "National Vulnerability Database".
βΌ CVE-2023-2627 βΌ
π Read
via "National Vulnerability Database".
The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settingsπ Read
via "National Vulnerability Database".
π’ Zscaler plots a course for zero trust leader ahead of Zenith Live conference π’
π Read
via "ITPro".
Zscaler will be hoping to capitalise on recent successes by giving a strong showing at the company's annual cyber security conference in Berlin π Read
via "ITPro".
ITPro
Zscaler plots a course for zero trust leader ahead of Zenith Live conference
Zscaler will be hoping to capitalise on recent successes by giving a strong showing at the company's annual cyber security conference in Berlin
β UK hacker busted in Spain gets 5 years over Twitter hack and more β
π Read
via "Naked Security".
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too...π Read
via "Naked Security".
Naked Security
UK hacker busted in Spain gets 5 years over Twitter hack and more
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting tooβ¦
π’ Kaseya acknowledges partner program βteething problemsβ, promises to hire more account managers π’
π Read
via "ITPro".
Partners have complained of an inconsistent account service since Kaseya bought Datto last year π Read
via "ITPro".
channelpro
Kaseya acknowledges partner program βteething problemsβ, promises to hire more account managers
Partners have complained of an inconsistent account service since Kaseya bought Datto last year
π΄ Why the FDA's SBOM Mandate Changes the Game for OSS Security π΄
π Read
via "Dark Reading".
The new FDA software bill of materials (SBOM) guidelines for medical devices could have broad impact on the healthcare industry and the broader open source ecosystem.π Read
via "Dark Reading".
Dark Reading
Why the FDA's SBOM Mandate Changes the Game for OSS Security
The new FDA software bill of materials (SBOM) guidelines for medical devices could have broad impact on the healthcare industry and the broader open source ecosystem.
π1π1
π΄ Why Cyber Funding Flows for Rural Water Systems π΄
π Read
via "Dark Reading".
The $7.5 million in new funds from the Cybersecurity for Rural Water Systems Act of 2023 is not just a drop in the bucket for crucially important rural water systems.π Read
via "Dark Reading".
Dark Reading
Why Cyber Funding Flows for Rural Water Systems
The $7.5 million in new funds from the Cybersecurity for Rural Water Systems Act of 2023 is not just a drop in the bucket for crucially important rural water systems.
βΌ CVE-2023-34830 βΌ
π Read
via "National Vulnerability Database".
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35800 βΌ
π Read
via "National Vulnerability Database".
Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators.π Read
via "National Vulnerability Database".
π€―1
π΄ Pilot Applicant Information for American, Southwest Hacked π΄
π Read
via "Dark Reading".
The attack exposed personal information from pilot applicants, prompting both airlines to ditch their third-party provider and move services internally. π Read
via "Dark Reading".
Dark Reading
Pilot Applicant Information for American, Southwest Hacked
The attack exposed personal information from pilot applicants, prompting both airlines to ditch their third-party provider and move services internally.
π΄ Most Enterprise SIEMs Blind to MITRE ATT&CK Tactics π΄
π Read
via "Dark Reading".
Organizations are largely deluded about their own security postures, according to an analysis, with the average SIEM failing to detect a whopping 76% of attacker TTPs.π Read
via "Dark Reading".
Dark Reading
Most Enterprise SIEMs Blind to MITRE ATT&CK Tactics
Organizations are largely deluded about their own security postures, according to an analysis, with the average SIEM failing to detect a whopping 76% of attacker TTPs.
βΌ CVE-2023-29068 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34835 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter.π Read
via "National Vulnerability Database".
βοΈ U.K. Cyber Thug βPlugwalkJoeβ Gets 5 Years in Prison βοΈ
π Read
via "Krebs on Security".
Joseph James "PlugwalkJoe" O'Connor, a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter, has been sentenced to five years in a U.S. prison. That may seem like harsh punishment for a brief and very public cyber joy ride. But O'Connor also pleaded guilty in a separate investigation involving a years-long spree of cyberstalking and cryptocurrency theft enabled by "SIM swapping," a crime wherein fraudsters trick a mobile provider into diverting a customer's phone calls and text messages to a device they control.π Read
via "Krebs on Security".
Krebs on Security
U.K. Cyber Thug βPlugwalkJoeβ Gets 5 Years in Prison
Joseph James "PlugwalkJoe" O'Connor, a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter, has been sentenced to five years in a U.S. prison. That may seem likeβ¦
π΄ UCLA, Siemens Among Latest Victims of Relentless MOVEit Attacks π΄
π Read
via "Dark Reading".
Cl0p ransomware group uses its Dark Web leak site to identify five new victims of MOVEit cyberattacks. π Read
via "Dark Reading".
Dark Reading
UCLA, Siemens Among Latest Victims of Relentless MOVEit Attacks
Cl0p ransomware group uses its Dark Web leak site to identify five new victims of MOVEit cyberattacks.