βΌ CVE-2023-37254 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31222 βΌ
π Read
via "National Vulnerability Database".
Deserialization of untrusted dataΓ in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact aΓ healthcare delivery organizationΓ’β¬β’s Paceart Optima systemΓ cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetrationΓ via network connectivity.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26616 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37256 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs.π Read
via "National Vulnerability Database".
βοΈ Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks βοΈ
π Read
via "Krebs on Security".
Nikita Kislitsin, formerly the head of network security for one of Russia's top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin's prosecution could soon put the Kazakhstan government in a sticky diplomatic position, as the Kremlin is already signaling that it intends to block his extradition to the United States.π Read
via "Krebs on Security".
Krebs on Security
Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks
Nikita Kislitsin, formerly the head of network security for one of Russia's top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsin's prosecution couldβ¦
π΄ AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping π΄
π Read
via "Dark Reading".
Virtual kidnapping is just one of many new artificial intelligence attack types that threat actors have begun deploying, as voice cloning emerges as a potent new imposter tool.π Read
via "Dark Reading".
Dark Reading
AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping
Virtual kidnapping is just one of many new artificial intelligence attack types that threat actors have begun deploying, as voice cloning emerges as a potent new imposter tool.
π΄ OTORIO Rolls Out Advanced Attack Graph Analysis for OT Security π΄
π Read
via "Dark Reading".
Innovative risk-based model enables better security measures.π Read
via "Dark Reading".
Dark Reading
OTORIO Rolls Out Advanced Attack Graph Analysis for OT Security
Innovative risk-based model enables better security measures.
π΄ Mend.io Launches Inaugural Open Source Reliability Leaderboard π΄
π Read
via "Dark Reading".
New report offers valuable resource to help organizations evaluate the safety and reliability of open-source packages.π Read
via "Dark Reading".
Dark Reading
Mend.io Launches Inaugural Open Source Reliability Leaderboard
New report offers valuable resource to help organizations evaluate the safety and reliability of open-source packages.
π΄ Invary Raises $1.85M in Pre-Seed Funding to Close Critical Gap in Zero Trust Security π΄
π Read
via "Dark Reading".
The company introduces a solution to restore trust in customers' existing cyber defense techstack.π Read
via "Dark Reading".
Dark Reading
Invary Raises $1.85M in Pre-Seed Funding to Close Critical Gap in Zero Trust Security
The company introduces a solution to restore trust in customers' existing cyber defense techstack.
π΄ Cybellum Unveils New Brand, Amplifying Commitment to Team-Centric Product Security π΄
π Read
via "Dark Reading".
The new brand is launched alongside new product security platform capabilities such as a vulnerability management (VM) co-pilot and incident response investigation management, providing automation and workflows for the many teams involved in product security.π Read
via "Dark Reading".
Dark Reading
Cybellum Unveils New Brand, Amplifying Commitment to Team-Centric Product Security
The new brand is launched alongside new product security platform capabilities such as a vulnerability management (VM) co-pilot and incident response investigation management, providing automation and workflows for the many teams involved in product security.
β€1π1
π΄ Employer Demand for Technology Workers Across Europe Remains on Firm Footing π΄
π Read
via "Dark Reading".
More than 950,000 job postings for tech positions in Q4 2022.π Read
via "Dark Reading".
Dark Reading
Employer Demand for Technology Workers Across Europe Remains on Firm Footing
More than 950,000 job postings for tech positions in Q4 2022.
π΄ WatchGuard Threat Lab Report Reveals New Browser-Based Social Engineering Trends π΄
π Read
via "Dark Reading".
Key findings from the research also show three of the four new malware threats on this quarter's top-ten list originated in China and Russia, living-off-the-land attacks on the rise, and more.π Read
via "Dark Reading".
Dark Reading
WatchGuard Threat Lab Report Reveals New Browser-Based Social Engineering Trends
Key findings from the research also show three of the four new malware threats on this quarter's top-ten list originated in China and Russia, living-off-the-land attacks on the rise, and more.
π΄ TXOne Networks' Stellar Solution Safeguards Operational Stability for Organizations in Various Industries π΄
π Read
via "Dark Reading".
Stellar leverages cyber physical system detection and response (CPSDR) to prevent unexpected system changes from impacting operational reliability and availability.π Read
via "Dark Reading".
Dark Reading
TXOne Networks' Stellar Solution Safeguards Operational Stability for Organizations in Various Industries
Stellar leverages cyber physical system detection and response (CPSDR) to prevent unexpected system changes from impacting operational reliability and availability.
π΄ Center for Internet Security, CREST Join Forces to Secure Organizations Globally π΄
π Read
via "Dark Reading".
New program provides organizations a way to show customers and partners their cybersecurity posture meets rigorous standards of CREST accreditation.π Read
via "Dark Reading".
Dark Reading
Center for Internet Security, CREST Join Forces to Secure Organizations Globally
New program provides organizations a way to show customers and partners their cybersecurity posture meets rigorous standards of CREST accreditation.
π΄ Pepper and Embedded Insurance Partner on Cyber Insurance For Consumers, SMBs π΄
π Read
via "Dark Reading".
Now, if you've got an IoT network powered by Pepper, you can insure it through Embedded Insurance β even if your business is too small to support a SOC.π Read
via "Dark Reading".
Dark Reading
Pepper and Embedded Insurance Partner on Cyber Insurance for Consumers, SMBs
If you have an IoT network powered by Pepper, you can now insure it through Embedded Insurance β even if your business is too small to support a SOC.
βΌ CVE-2022-44720 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur, related to chroot.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26708 βΌ
π Read
via "National Vulnerability Database".
requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36471 βΌ
π Read
via "National Vulnerability Database".
Xwiki commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishing attacks or also in the context of a sheet, the attacker could add an input like `{{html}}<input type="hidden" name="content" value="{{groovy}}println("Hello from Groovy!")" />{{/html}}` that would allow remote code execution when it is submitted by an admin (the sheet is rendered as part of the edit form). The attacker would need to ensure that the edit form looks plausible, though, which can be non-trivial as without script right the attacker cannot display the regular content of the document. This has been patched in XWiki 14.10.6 and 15.2RC1 by removing the central form-related tags from the list of allowed tags. Users are advised to upgrade. As a workaround an admin can manually disallow the tags by adding `form, input, select, textarea, button` to the configuration option `xml.htmlElementSanitizer.forbidTags` in the `xwiki.properties` configuration file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36469 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.6 and 15.2RC1. Users are advised to update. As a workaround the main security fix can be manually applied by patching the affected document `XWiki.Notifications.Code.NotificationRSSService`. This will break the link to the differences, though as this requires additional changes to Velocity templates as shown in the patch. While the default template is available in the instance and can be easily patched, the template for mentions is contained in a `.jar`-file and thus cannot be fixed without replacing that jar.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25433 βΌ
π Read
via "National Vulnerability Database".
libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35938 βΌ
π Read
via "National Vulnerability Database".
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to `Private without restricted`, restricted users that are project administrators keep this access right. Restricted users that were project administrators before the visibility switch keep the possibility to access the project and do some administration actions. This issue has been resolved in Tuleap version 14.9.99.63. Users are advised to upgrade. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".