โ๏ธ U.K. Cyber Thug โPlugwalkJoeโ Gets 5 Years in Prison โ๏ธ
๐ Read
via "Krebs on Security".
Joseph James "PlugwalkJoe" O'Connor, a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter, has been sentenced to five years in a U.S. prison. That may seem like harsh punishment for a brief and very public cyber joy ride. But O'Connor also pleaded guilty in a separate investigation involving a years-long spree of cyberstalking and cryptocurrency theft enabled by "SIM swapping," a crime wherein fraudsters trick a mobile provider into diverting a customer's phone calls and text messages to a device they control.๐ Read
via "Krebs on Security".
Krebs on Security
U.K. Cyber Thug โPlugwalkJoeโ Gets 5 Years in Prison
Joseph James "PlugwalkJoe" O'Connor, a 24-year-old from the United Kingdom who earned his 15 minutes of fame by participating in the July 2020 hack of Twitter, has been sentenced to five years in a U.S. prison. That may seem likeโฆ
๐ด UCLA, Siemens Among Latest Victims of Relentless MOVEit Attacks ๐ด
๐ Read
via "Dark Reading".
Cl0p ransomware group uses its Dark Web leak site to identify five new victims of MOVEit cyberattacks. ๐ Read
via "Dark Reading".
Dark Reading
UCLA, Siemens Among Latest Victims of Relentless MOVEit Attacks
Cl0p ransomware group uses its Dark Web leak site to identify five new victims of MOVEit cyberattacks.
๐ด Trans-Rights Hacktivists Steal City of Ft. Worth's Data ๐ด
๐ Read
via "Dark Reading".
In a move to embarrass the city, hacking group known as SiegedSec accessed thousands of files with administrator logins, but it's making no ransom demands.๐ Read
via "Dark Reading".
Dark Reading
Trans-Rights Hacktivists Steal City of Ft. Worth's Data
In a move to embarrass the city, hacking group known as SiegedSec accessed thousands of files with administrator logins, but it's making no ransom demands.
โผ CVE-2023-3436 โผ
๐ Read
via "National Vulnerability Database".
Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-18414 โผ
๐ Read
via "National Vulnerability Database".
Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 that allows attackers to execute arbitrary code via /index.php?admin-master-webset.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-25002 โผ
๐ Read
via "National Vulnerability Database".
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-25001 โผ
๐ Read
via "National Vulnerability Database".
A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-36464 โผ
๐ Read
via "National Vulnerability Database".
pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b"\r", b"\n")` in `pypdf/generic/_data_structures.py` to `while peek not in (b"\r", b"\n", b"")`.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-3327 โผ
๐ Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-35823. Reason: This candidate is a reservation duplicate of CVE-2023-35823. Notes: All CVE users should reference CVE-2023-35823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-1844 โผ
๐ Read
via "National Vulnerability Database".
The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachments to site users.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-3407 โผ
๐ Read
via "National Vulnerability Database".
The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to missing or incorrect nonce validation when sending test emails. This makes it possible for unauthenticated attackers to send test emails with custom content to users on sites running a vulnerable version of this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-3331 โผ
๐ Read
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allowsร a attackerร toร delete specific files in the product.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-3333 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2200HP all versions allowsร a attackerร toร execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-3330 โผ
๐ Read
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allowsร a attackerร toร obtain specific files in the product.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-3332 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm WG2200HP all versions allowsร a attackerร toร execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-3427 โผ
๐ Read
via "National Vulnerability Database".
The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or incorrect nonce validation on the 'save_customer' function. This makes it possible for unauthenticated attackers to change the admin role to customer or change the user meta to arbitrary values via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-48505 โผ
๐ Read
via "National Vulnerability Database".
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system๐ Read
via "National Vulnerability Database".
โผ CVE-2023-32623 โผ
๐ Read
via "National Vulnerability Database".
Directory traversal vulnerability in Snow Monkey Forms versions v5.1.0 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26134 โผ
๐ Read
via "National Vulnerability Database".
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they control the hash content.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-3034 โผ
๐ Read
via "National Vulnerability Database".
Reflected XSS affects the รขโฌหmodeรขโฌโข parameter in the /admin functionality of the web application in versions <=2.0.44๐ Read
via "National Vulnerability Database".
โผ CVE-2023-1295 โผ
๐ Read
via "National Vulnerability Database".
A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.๐ Read
via "National Vulnerability Database".
๐1