๐ด What Implementing Biometrics for Authentication Looks Like ๐ด
๐ Read
via "Dark Reading".
CISOs are incorporating biometrics as part of their multifactor authentication strategies. This is what they should be thinking about during implementation.๐ Read
via "Dark Reading".
Dark Reading
What Implementing Biometrics for Authentication Looks Like
CISOs are incorporating biometrics as part of their multifactor authentication strategies. This is what they should be thinking about during implementation.
โค1
โผ CVE-2023-26139 โผ
๐ Read
via "National Vulnerability Database".
Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty() function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like รขโฌล__proto__รขโฌ๏ฟฝ.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23548 โผ
๐ Read
via "National Vulnerability Database".
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-32302 โผ
๐ Read
via "National Vulnerability Database".
Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.๐ Read
via "National Vulnerability Database".
๐1
๐ฆฟ TechRepublic Premium Editorial Calendar: IT Policies, Checklists, Hiring Kits and Research for Download ๐ฆฟ
๐ Read
via "Tech Republic".
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.๐ Read
via "Tech Republic".
TechRepublic
TechRepublic Premium Editorial Calendar: Policies, Hiring Kits, and Glossaries for Download
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
๐ด Why the California Delete Act Matters ๐ด
๐ Read
via "Dark Reading".
Bill 362 is a perfect template for a nationwide win against data brokers and the privacy infringements they cause.๐ Read
via "Dark Reading".
Dark Reading
Why the California Delete Act Matters
Bill 362 is a perfect template for a nationwide win against data brokers and the privacy infringements they cause.
โ SEC demands four-day disclosure limit for cybersecurity breaches โ
๐ Read
via "Naked Security".
When is a ransomware attack a reportable matter? And how long have you got to decide?๐ Read
via "Naked Security".
Sophos News
Naked Security โ Sophos News
๐1
โผ CVE-2023-37478 โผ
๐ Read
via "National Vulnerability Database".
pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or when installed via npm being replaced with a compromised or malicious version when installed via pnpm. This issue has been patched in version(s) 7.33.4 and 8.6.8.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-4047 โผ
๐ Read
via "National Vulnerability Database".
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-31710 โผ
๐ Read
via "National Vulnerability Database".
TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2023-4051 โผ
๐ Read
via "National Vulnerability Database".
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2023-39108 โผ
๐ Read
via "National Vulnerability Database".
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-4046 โผ
๐ Read
via "National Vulnerability Database".
In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-39110 โผ
๐ Read
via "National Vulnerability Database".
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-4052 โผ
๐ Read
via "National Vulnerability Database".
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2023-39109 โผ
๐ Read
via "National Vulnerability Database".
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-4049 โผ
๐ Read
via "National Vulnerability Database".
Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-4045 โผ
๐ Read
via "National Vulnerability Database".
Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-39986 โผ
๐ Read
via "National Vulnerability Database".
A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-38357 โผ
๐ Read
via "National Vulnerability Database".
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-4048 โผ
๐ Read
via "National Vulnerability Database".
An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.๐ Read
via "National Vulnerability Database".