π’ First known open-source software attacks on banking sector could kickstart long-running trend π’
π Read
via "ITPro".
Researchers at Checkmarx predict a βsteady escalationβ in targeted attacks π Read
via "ITPro".
ITPro
First known open-source software attacks on banking sector could kickstart long-running trend
Researchers at Checkmarx predict a βsteady escalationβ in targeted attacks
π¦Ώ How to Access Your iPhone if You Forget Your Passcode π¦Ώ
π Read
via "Tech Republic".
There are ways to unlock your iPhone even without the right passcode, but you'll need a PC with iTunes or a Mac with Finder.π Read
via "Tech Republic".
TechRepublic
How to Access Your iPhone if You Forget Your Passcode
Learn how to regain control of your device and how to access your iPhone if you forgot the passcode using this comprehensive guide.
βΌ CVE-2023-3484 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3821 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38646 βΌ
π Read
via "National Vulnerability Database".
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3819 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3820 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3822 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.π Read
via "National Vulnerability Database".
β S3 Ep144: When threat hunting goes down a rabbit hole β
π Read
via "Naked Security".
Latest episode - check it out now!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π¦Ώ 8 Best Enterprise Password Managers for 2023 π¦Ώ
π Read
via "Tech Republic".
This is a comprehensive list of the top enterprise password managers. Use this guide to compare and choose which one is best for your business.π Read
via "Tech Republic".
TechRepublic
8 Best Enterprise Password Managers
Explore the best enterprise password managers that provide security and centralized control for managing and protecting passwords across your organization.
π¦Ώ Europolβs IOCTA 2023 Report Reveals Cybercriminals are Increasingly Interdependent π¦Ώ
π Read
via "Tech Republic".
The Europol report also reported on cybercriminals' use of cryptocurrencies and how their techniques are more sophisticated. However, there was good cybersecurity news, too.π Read
via "Tech Republic".
TechRepublic
Europol's IOCTA 2023 Report Reveals Cybercriminals are Increasingly Interdependent
The Internet Organised Crime Threat Assessment 2023 report includes key findings and emerging cybersecurity threats that impact governments, businesses and individuals.
βΌ CVE-2023-26301 βΌ
π Read
via "National Vulnerability Database".
Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37742 βΌ
π Read
via "National Vulnerability Database".
WebBoss.io CMS before v3.6.8.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3102 βΌ
π Read
via "National Vulnerability Database".
A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows access to titles of private issue and MR.π Read
via "National Vulnerability Database".
βοΈ Few Fortune 100 Firms List Security Pros in Their Executive Ranks βοΈ
π Read
via "Krebs on Security".
Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasn't shifted much since is that very few of these companies list any security professionals within their top executive ranks.The next time you receive a breach notification letter that invariably says a company you trusted places a top priority on customer security and privacy, consider this: Only four of the Fortune 100 companies currently list a security professional in the executive leadership pages of their websites. This is actually down from five of the Fortune 100 in 2018, the last time KrebsOnSecurity performed this analysis.π Read
via "Krebs on Security".
Krebs on Security
Few Fortune 100 Firms List Security Pros in Their Executive Ranks
Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasn't shifted much since is that very few of these companies list any securityβ¦
βΌ CVE-2023-35392 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Spoofing Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-37901 βΌ
π Read
via "National Vulnerability Database".
Indico is an open source a general-purpose, web based event management tool. There is a Cross-Site-Scripting vulnerability in confirmation prompts commonly used when deleting content from Indico. Exploitation requires someone with at least submission privileges (such as a speaker) and then someone else to attempt to delete this content. Considering that event organizers may want to delete suspicious-looking content when spotting it, there is a non-negligible risk of such an attack to succeed. The risk of this could be further increased when combined with some some social engineering pointing the victim towards this content. Users need to update to Indico 3.2.6 as soon as possible. See the docs for instructions on how to update. Users who cannot upgrade should only let trustworthy users manage categories, create events or upload materials ("submission" privileges on a contribution/event). This should already be the case in a properly-configured setup when it comes to category/event management. Note that a conference doing a Call for Abstracts actively invites external speakers (who the organizers may not know and thus cannot fully trust) to submit content, hence the need to update to a a fixed version ASAP in particular when using such workflows.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25841 βΌ
π Read
via "National Vulnerability Database".
There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 Γ’β¬β 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victimΓ’β¬β’s browser.Mitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38173 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge for Android Spoofing Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-25840 βΌ
π Read
via "National Vulnerability Database".
There is a Cross-site Scripting vulnerabilityΓ in ArcGIS Server in versions 10.8.1 Γ’β¬β 11.1 that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser. Γ The privileges required to execute this attack are high.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38187 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerabilityπ Read
via "National Vulnerability Database".