🕴 Hackers Exploit Policy Loophole in Windows Kernel Drivers 🕴
via "Dark Reading".
Using open source tools, attackers target Chinese speakers with malicious drivers with expired certificates, potentially allowing for full system takeover.
‼ CVE-2023-3618 ‼
via "National Vulnerability Database".
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
‼ CVE-2023-37455 ‼
via "National Vulnerability Database".
The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.
‼ CVE-2023-20185 ‼
via "National Vulnerability Database".
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites. Cisco has not released and will not release software updates that address this vulnerability.
‼ CVE-2023-37627 ‼
via "National Vulnerability Database".
Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. Through SQL injection, an attacker can bypass the admin panel and view order records, add items, delete items etc.
‼ CVE-2023-3600 ‼
via "National Vulnerability Database".
During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2 and Firefox ESR < 115.0.2.
‼ CVE-2023-20207 ‼
via "National Vulnerability Database".
A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text.
‼ CVE-2023-20210 ‼
via "National Vulnerability Database".
A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device.
‼ CVE-2023-37456 ‼
via "National Vulnerability Database".
The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.
🕴 White House Urged to Quickly Nominate National Cyber Director 🕴
via "Dark Reading".
A group of cybersecurity organizations is urging the White House to move with haste in nominating a new National Cyber Director, amid a complex and shifting threat landscape.
🛠 jSQL Injection 0.87 🛠
via "Packet Storm Security".
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
🛠 Zed Attack Proxy 2.13.0 Cross Platform Package 🛠
via "Packet Storm Security".
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.
⚠ Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs ⚠
via "Naked Security".
Don't delay, do it today. This is a code-implantation bug in WebKit that attackers already know how to exploit.
⚠ Apple silently pulls its latest zero-day update – what now? ⚠
via "Naked Security".
Previously, we said "do it today", but now we're forced back on: "Do not delay; do it as soon as Apple and your device will let you."
🕴 How to Put Generative AI to Work in Your Security Operations Center 🕴
via "Dark Reading".
Generative AI is the cybersecurity resource that never sleeps. Here are some of the ways security-focused generative AI can benefit different members of the SOC team.
‼ CVE-2023-37955 ‼
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
‼ CVE-2023-37956 ‼
via "National Vulnerability Database".
A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
‼ CVE-2023-29313 ‼
via "National Vulnerability Database".
Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2023-37961 ‼
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account.
‼ CVE-2023-37962 ‼
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.
‼ CVE-2023-37959 ‼
via "National Vulnerability Database".
A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.