π΄ US Patent Office Hacked, Trademark Apps Accessed π΄
π Read
via "Dark Reading".
Misconfiguration exposed the physical addresses of 60,000 patent filers over three years.π Read
via "Dark Reading".
Dark Reading
US Patent Office Data Spill Exposes Trademark Applications
Misconfiguration exposed the physical addresses of 60,000 patent filers over three years.
π΄ Cybersecurity Is the Healthcare Your Organization Needs π΄
π Read
via "Dark Reading".
Organizations should consider their security practices the same way people think about their well-being. Focus on staying healthy instead of finding a new pill for every security symptom you see.π Read
via "Dark Reading".
Dark Reading
Cybersecurity Is the Healthcare Your Organization Needs
Organizations should consider their security practices the same way people think about their well-being. Focus on staying healthy instead of finding a new pill for every security symptom you see.
β S3 Ep141: What was Steve Jobsβs first job? β
π Read
via "Naked Security".
Latest episode - listen now! (Full transcript inside.)π Read
via "Naked Security".
Naked Security
S3 Ep141: What was Steve Jobsβs first job?
Latest episode β listen now! (Full transcript inside.)
βΌ CVE-2023-34658 βΌ
π Read
via "National Vulnerability Database".
Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26612 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36487 βΌ
π Read
via "National Vulnerability Database".
The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37255 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33277 βΌ
π Read
via "National Vulnerability Database".
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26085 βΌ
π Read
via "National Vulnerability Database".
A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37251 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35830 βΌ
π Read
via "National Vulnerability Database".
STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26613 βΌ
π Read
via "National Vulnerability Database".
An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted get request to excu_shel.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36488 βΌ
π Read
via "National Vulnerability Database".
ILIAS 7.21 allows stored Cross Site Scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-37254 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31222 βΌ
π Read
via "National Vulnerability Database".
Deserialization of untrusted dataΓ in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact aΓ healthcare delivery organizationΓ’β¬β’s Paceart Optima systemΓ cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetrationΓ via network connectivity.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26616 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37256 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs.π Read
via "National Vulnerability Database".
βοΈ Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks βοΈ
π Read
via "Krebs on Security".
Nikita Kislitsin, formerly the head of network security for one of Russia's top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin's prosecution could soon put the Kazakhstan government in a sticky diplomatic position, as the Kremlin is already signaling that it intends to block his extradition to the United States.π Read
via "Krebs on Security".
Krebs on Security
Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks
Nikita Kislitsin, formerly the head of network security for one of Russia's top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin's prosecution couldβ¦
π΄ AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping π΄
π Read
via "Dark Reading".
Virtual kidnapping is just one of many new artificial intelligence attack types that threat actors have begun deploying, as voice cloning emerges as a potent new imposter tool.π Read
via "Dark Reading".
Dark Reading
AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping
Virtual kidnapping is just one of many new artificial intelligence attack types that threat actors have begun deploying, as voice cloning emerges as a potent new imposter tool.
π΄ OTORIO Rolls Out Advanced Attack Graph Analysis for OT Security π΄
π Read
via "Dark Reading".
Innovative risk-based model enables better security measures.π Read
via "Dark Reading".
Dark Reading
OTORIO Rolls Out Advanced Attack Graph Analysis for OT Security
Innovative risk-based model enables better security measures.
π΄ Mend.io Launches Inaugural Open Source Reliability Leaderboard π΄
π Read
via "Dark Reading".
New report offers valuable resource to help organizations evaluate the safety and reliability of open-source packages.π Read
via "Dark Reading".
Dark Reading
Mend.io Launches Inaugural Open Source Reliability Leaderboard
New report offers valuable resource to help organizations evaluate the safety and reliability of open-source packages.