‼ CVE-2021-43759 ‼
Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.
via "National Vulnerability Database".
‼ CVE-2021-43760 ‼
Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MOV file.
via "National Vulnerability Database".
‼ CVE-2023-38066 ‼
In JetBrains TeamCity before 2023.05.1, reflected XSS via the Referer header was possible during artifact downloads.
via "National Vulnerability Database".
‼ CVE-2023-38069 ‼
In JetBrains IntelliJ IDEA before 2023.1.4, the license dialog could be suppressed in certain cases.
via "National Vulnerability Database".
‼ CVE-2023-3596 ‼
Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.
via "National Vulnerability Database".
🕴 Ransomware, From a Different Perspective 🕴
A good backup strategy can be effective at mitigating a ransomware attack, but how many organizations consider that their backup data can also be targeted?
via "Dark Reading".
📢 GitHub launches passkeys beta for passwordless authentication 📢
Users can now opt in to using passkeys, replacing their password and 2FA method.
via "ITPro".
🕴 Hackers Exploit Policy Loophole in Windows Kernel Drivers 🕴
Using open source tools, attackers target Chinese speakers with malicious drivers with expired certificates, potentially allowing for full system takeover.
via "Dark Reading".
‼ CVE-2023-3618 ‼
A flaw was found in libtiff. A specially crafted TIFF file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
via "National Vulnerability Database".
‼ CVE-2023-37455 ‼
The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.
via "National Vulnerability Database".
‼ CVE-2023-20185 ‼
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites. Cisco has not released and will not release software updates that address this vulnerability.
via "National Vulnerability Database".
‼ CVE-2023-37627 ‼
Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. Through SQL injection, an attacker can bypass the admin panel and view order records, add items, delete items etc.
via "National Vulnerability Database".
‼ CVE-2023-3600 ‼
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2 and Firefox ESR < 115.0.2.
via "National Vulnerability Database".
‼ CVE-2023-20207 ‼
A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text.
via "National Vulnerability Database".
‼ CVE-2023-20210 ‼
A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device.
via "National Vulnerability Database".
‼ CVE-2023-37456 ‼
The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.
via "National Vulnerability Database".
🕴 White House Urged to Quickly Nominate National Cyber Director 🕴
A group of cybersecurity organizations is urging the White House to move with haste in nominating a new National Cyber Director, amid a complex and shifting threat landscape.
via "Dark Reading".
🛠 jSQL Injection 0.87 🛠
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
via "Packet Storm Security".
🛠 Zed Attack Proxy 2.13.0 Cross Platform Package 🛠
The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross-platform package.
via "Packet Storm Security".
⚠ Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs ⚠
Don't delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.
via "Naked Security".
⚠ Apple silently pulls its latest zero-day update – what now? ⚠
Previously, we said "do it today", but now we're forced back on: "Do not delay; do it as soon as Apple and your device will let you."
via "Naked Security".