βΌ CVE-2022-39987 βΌ
π Read
via "National Vulnerability Database".
A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.π Read
via "National Vulnerability Database".
π΄ CISA: 'Submarine' Backdoor Torpedoes Barracuda Email Security π΄
π Read
via "Dark Reading".
A China-nexus cyber espionage campaign rages on with the fourth backdoor to surface in the wild that takes advantage of the CVE-2023-2868 zero-day security bug β with severe threat of lateral movement, CISA warns.π Read
via "Dark Reading".
Dark Reading
CISA: 'Submarine' Backdoor Torpedoes Barracuda Email Security
A China-nexus cyber-espionage campaign rages on with the fourth backdoor to surface in the wild that takes advantage of the CVE-2023-2868 zero-day security bug β with severe threat of lateral movement, CISA warns.
π΄ Lessons Not Learned From Software Supply Chain Attacks π΄
π Read
via "Dark Reading".
Businesses that develop business-, mission-, or safety-critical software must learn from previous victims of software supply chain attacks.π Read
via "Dark Reading".
Dark Reading
Lessons Not Learned From Software Supply Chain Attacks
Businesses that develop business-, mission-, or safety-critical software must learn from previous victims of software supply chain attacks.
β Firefox fixes a flurry of flaws in the first of two releases this month β
π Read
via "Naked Security".
No zero-days, but some interesting patches with their very own "teachable moments".π Read
via "Naked Security".
Sophos News
Firefox fixes a flurry of flaws in the first of two releases this month
No zero-days, but some interesting patches with their very own βteachable momentsβ.
π΄ 'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web π΄
π Read
via "Dark Reading".
The DarkBART and DarkBERT cybercriminal chatbots, based on Google Bard, represent a major leap ahead for adversarial AI, including Google Lens integration for images and instant access to the whole of the cyber-underground knowledge base.π Read
via "Dark Reading".
Dark Reading
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web
The DarkBART and DarkBERT cybercriminal chatbots, based on Google Bard, represent a major leap ahead for adversarial AI, including Google Lens integration for images and instant access to the whole of the cyber-underground knowledge base.
π΄ Apple Users Open to Remote Control via Tricky macOS Malware π΄
π Read
via "Dark Reading".
The Hidden Virtual Network Computing (hVNC) malware infests Macs and silently executes complete takeovers, with no user permission needed. It also sports persistence through reboots.π Read
via "Dark Reading".
Dark Reading
Apple Users Open to Remote Control via Tricky macOS Malware
The Hidden Virtual Network Computing (hVNC) malware infests Macs and silently executes complete takeovers, with no user permission needed. It also sports persistence through reboots.
π OpenSSL Toolkit 3.0.10 π
π Read
via "Packet Storm Security".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSL Toolkit 3.0.10 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β€1
π OpenSSL Toolkit 1.1.1v π
π Read
via "Packet Storm Security".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSL Toolkit 1.1.1v β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π AIDE 0.18.6 π
π Read
via "Packet Storm Security".
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.π Read
via "Packet Storm Security".
Packetstormsecurity
AIDE 0.18.6 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2023-4055 βΌ
π Read
via "National Vulnerability Database".
When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4058 βΌ
π Read
via "National Vulnerability Database".
Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4057 βΌ
π Read
via "National Vulnerability Database".
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-33493 βΌ
π Read
via "National Vulnerability Database".
An Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Database explorer (ajaxmanager) module for PrestaShop through 2.3.0, allows remote attackers to upload dangerous files without restrictions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4056 βΌ
π Read
via "National Vulnerability Database".
Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36210 βΌ
π Read
via "National Vulnerability Database".
MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38559 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4054 βΌ
π Read
via "National Vulnerability Database".
When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36211 βΌ
π Read
via "National Vulnerability Database".
The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38560 βΌ
π Read
via "National Vulnerability Database".
An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.π Read
via "National Vulnerability Database".
π΄ Space Pirates Train Cyber Sabers on Russian, Serbian Organizations π΄
π Read
via "Dark Reading".
The attackers have expanded beyond backdoors and recently started using Deed RAT to step up their attacks.π Read
via "Dark Reading".
Dark Reading
Space Pirates Turn Cyber Sabers on Russian, Serbian Organizations
The attackers have expanded beyond backdoors and recently started using Deed RAT to step up their attacks.
π΄ Canon Inkjet Printers at Risk for Third-Party Compromise via Wi-Fi π΄
π Read
via "Dark Reading".
Nearly 200 models are affected by vulnerability that may give wireless access to unauthorized third parties.π Read
via "Dark Reading".
Dark Reading
Canon Inkjet Printers at Risk for Third-Party Compromise via Wi-Fi
Nearly 200 models are affected by vulnerability that may give wireless access to unauthorized third parties.