π΄ Orca Sues Wiz for 'Copying' Its Cloud Security Tech π΄
π Read
via "Dark Reading".
Two fierce cloud security competitors are locked in a legal battle, as Orca accuses Wiz of ripping off its intellectual property.π Read
via "Dark Reading".
Dark Reading
Orca Sues Wiz for 'Copying' Its Cloud Security Tech
Two fierce cloud security competitors are locked in a legal battle, as Orca accuses Wiz of ripping off its intellectual property.
βΌ CVE-2023-34458 βΌ
π Read
via "National Vulnerability Database".
mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on a targeted account. The fix is a breaking change so a new flag `RelayedNonceFixEnableEpoch` was needed. This was a strict processing issue while validating blocks on a chain. This vulnerability has been patched in version 1.4.17.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42045 βΌ
π Read
via "National Vulnerability Database".
Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30559 βΌ
π Read
via "National Vulnerability Database".
The configuration from the PCU can be modified without authentication using physical connection to the PCU.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30560 βΌ
π Read
via "National Vulnerability Database".
The configuration from the PCU can be modified without authentication using physical connection to the PCU.π Read
via "National Vulnerability Database".
π΄ Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub π΄
π Read
via "Dark Reading".
A cyber attacker gives defenders a taste of their own medicine, with GitHub honeypots concealing infostealers.π Read
via "Dark Reading".
Dark Reading
Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub
A cyber attacker gives defenders a taste of their own medicine, with GitHub honeypots concealing infostealers.
π΄ Cybersecurity Leaders Report Reduction in Disruptive Cyber Incidents With MSS/MDR Solutions π΄
π Read
via "Dark Reading".
Optiv survey highlights organizations' need for talent, challenges with sophistication of threat actors and expanding attack surface. π Read
via "Dark Reading".
Dark Reading
Cybersecurity Leaders Report Reduction in Disruptive Cyber Incidents With MSS/MDR Solutions
Optiv survey highlights organizations' need for talent, challenges with sophistication of threat actors and expanding attack surface.
π΄ Facebook and Microsoft are the Most Impersonated Brands in Phishing Attacks π΄
π Read
via "Dark Reading".
Vade's phishing and malware report reveals phishing volumes increased by more than 54% in H1 2023.π Read
via "Dark Reading".
Dark Reading
Facebook and Microsoft are the Most Impersonated Brands in Phishing Attacks
Vade's phishing and malware report reveals phishing volumes increased by more than 54% in H1 2023.
π΄ Safe Security Acquires RiskLens π΄
π Read
via "Dark Reading".
A combination of SAFE Platform's industry defining AI capabilities coupled with the industry standard FAIR model for cyber risk quantification, that was pioneered by RiskLens.π Read
via "Dark Reading".
Dark Reading
Safe Security Acquires RiskLens
A combination of SAFE Platform's industry defining AI capabilities coupled with the industry standard FAIR model for cyber risk quantification, that was pioneered by RiskLens.
π΄ Secure Code Warrior Ushers in Next Era in Developer Driven Security With $50M Series C Funding Round π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Secure Code Warrior Ushers in Next Era in Developer Driven Security With $50M Series C Funding Round
Boston, London, Sydney β July 13, 2023 β Secure Code Warrior, the leading agile learning platform for developer-driven security leaders, today announced it closed its Series C funding round, led by Paladin Capital Group. At $50M USD, this marks the largestβ¦
π΄ Black Hat Announces Sustainability Pledge π΄
π Read
via "Dark Reading".
Pledge stems from Black Hatβs commitment to become a net zero carbon business by 2030.π Read
via "Dark Reading".
Dark Reading
Black Hat Announces Sustainability Pledge
Pledge stems from Black Hatβs commitment to become a net zero carbon business by 2030.
π΄ Secure Code Warrior Raises $50M to Accelerate Product Innovation π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Secure Code Warrior Raises $50M to Accelerate Product Innovation
Secure Code Warrior closed its Series C funding round, led by Paladin Capital Group. At $50 million, this marks the largest investment since the company's inception, bringing its total funding to date to over $100 million.
π΄ Introducing EncryptionSafe: A Free and Easy-to-Use Encryption App for Windows PC π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Introducing EncryptionSafe: A Free and Easy-to-Use Encryption App for Windows PC
ALEXANDRIA, Va., July 13, 2023 /PRNewswire/ -- SmartPC Tools, a leading provider of innovative software solutions, released EncryptionSafe, a free, easy to use encryption application designed specifically for Windows PCs. With the ever-increasing amount ofβ¦
βοΈ SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge βοΈ
π Read
via "Krebs on Security".
[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.]It was around 9 p.m. on Sunday, July 19, when I received a message through the contact form on KrebsOnSecurity.com that the marital infidelity website AshleyMadison.com had been hacked. The message contained links to confidential Ashley Madison documents, and included a manifesto that said a hacker group calling itself the Impact Team was prepared to leak data on all 37 million users unless Ashley Madison and a sister property voluntarily closed down within 30 days.π Read
via "Krebs on Security".
Krebs on Security
SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge
[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.] It was around 9 p.m. on Sunday, July 19, when I received aβ¦
π΄ White House Fills in Details Of National Cybersecurity Strategy π΄
π Read
via "Dark Reading".
While the plan may convey the right kind of urgency, it lacks both funding and bipartisan support, industry professionals say.π Read
via "Dark Reading".
Dark Reading
White House Fills in Details of National Cybersecurity Strategy
While the plan may convey the right kind of urgency, it lacks both funding and bipartisan support, industry professionals say.
βΌ CVE-2023-37598 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36473 βΌ
π Read
via "National Vulnerability Database".
Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. The vulnerability is patched in the latest tests-passed, beta and stable branches.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35945 βΌ
π Read
via "National Vulnerability Database".
Envoy is a cloud-native high-performance edge/middle/service proxy. EnvoyΓ’β¬β’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37463 βΌ
π Read
via "National Vulnerability Database".
cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37468 βΌ
π Read
via "National Vulnerability Database".
Feedbacksystem is a personalized feedback system for students using artificial intelligence. Passwords of users using LDAP login are stored in clear text in the database. The LDAP users password is passed unencrypted in the LoginController.scala and stored in the database when logging in for the first time. Users using only local login or the cas login are not affected. This issue has been patched in version 1.19.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30563 βΌ
π Read
via "National Vulnerability Database".
A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.π Read
via "National Vulnerability Database".