π΄ Secure Code Warrior Raises $50M to Accelerate Product Innovation π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Secure Code Warrior Raises $50M to Accelerate Product Innovation
Secure Code Warrior closed its Series C funding round, led by Paladin Capital Group. At $50 million, this marks the largest investment since the company's inception, bringing its total funding to date to over $100 million.
π΄ Introducing EncryptionSafe: A Free and Easy-to-Use Encryption App for Windows PC π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Introducing EncryptionSafe: A Free and Easy-to-Use Encryption App for Windows PC
ALEXANDRIA, Va., July 13, 2023 /PRNewswire/ -- SmartPC Tools, a leading provider of innovative software solutions, released EncryptionSafe, a free, easy to use encryption application designed specifically for Windows PCs. With the ever-increasing amount ofβ¦
βοΈ SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge βοΈ
π Read
via "Krebs on Security".
[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.]It was around 9 p.m. on Sunday, July 19, when I received a message through the contact form on KrebsOnSecurity.com that the marital infidelity website AshleyMadison.com had been hacked. The message contained links to confidential Ashley Madison documents, and included a manifesto that said a hacker group calling itself the Impact Team was prepared to leak data on all 37 million users unless Ashley Madison and a sister property voluntarily closed down within 30 days.π Read
via "Krebs on Security".
Krebs on Security
SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge
[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.] It was around 9 p.m. on Sunday, July 19, when I received aβ¦
π΄ White House Fills in Details Of National Cybersecurity Strategy π΄
π Read
via "Dark Reading".
While the plan may convey the right kind of urgency, it lacks both funding and bipartisan support, industry professionals say.π Read
via "Dark Reading".
Dark Reading
White House Fills in Details of National Cybersecurity Strategy
While the plan may convey the right kind of urgency, it lacks both funding and bipartisan support, industry professionals say.
βΌ CVE-2023-37598 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36473 βΌ
π Read
via "National Vulnerability Database".
Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. The vulnerability is patched in the latest tests-passed, beta and stable branches.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35945 βΌ
π Read
via "National Vulnerability Database".
Envoy is a cloud-native high-performance edge/middle/service proxy. EnvoyΓ’β¬β’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37463 βΌ
π Read
via "National Vulnerability Database".
cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37468 βΌ
π Read
via "National Vulnerability Database".
Feedbacksystem is a personalized feedback system for students using artificial intelligence. Passwords of users using LDAP login are stored in clear text in the database. The LDAP users password is passed unencrypted in the LoginController.scala and stored in the database when logging in for the first time. Users using only local login or the cas login are not affected. This issue has been patched in version 1.19.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30563 βΌ
π Read
via "National Vulnerability Database".
A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30565 βΌ
π Read
via "National Vulnerability Database".
An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30564 βΌ
π Read
via "National Vulnerability Database".
Alaris Systems Manager does not perform input validation during the Device Import Function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30562 βΌ
π Read
via "National Vulnerability Database".
A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30561 βΌ
π Read
via "National Vulnerability Database".
The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37466 βΌ
π Read
via "National Vulnerability Database".
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code. Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37714 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromRouteStatic.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37718 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeClientFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3668 βΌ
π Read
via "National Vulnerability Database".
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37721 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeMacFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37716 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37723 βΌ
π Read
via "National Vulnerability Database".
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromqossetting.π Read
via "National Vulnerability Database".