‼ CVE-2022-46485 ‼
via "National Vulnerability Database".
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details".
🔴 Cyber-Insurance Underwriting Is Still Stuck in the Dark Ages 🔴
via "Dark Reading".
Innovations in continuous controls monitoring may be the only way underwriters can offer cyber-insurance policies that make sense in the market.
‼ CVE-2023-3470 ‼
via "National Vulnerability Database".
Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information required to generate the correct password. On vCMP systems, all Guests share the same deterministic password, allowing those with TMSH access on one Guest to access keys of a different Guest. The following BIG-IP hardware platforms are affected: 10350v-F, i5820-DF, i7820-DF, i15820-DF, 5250v-F, 7200v-F, 10200v-F, 6900-F, 8900-F, 11000-F, and 11050-F. The BIG-IP rSeries r5920-DF and r10920-DF are not affected, nor does the issue affect software FIPS implementations or network HSM configurations. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
‼ CVE-2023-38423 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
‼ CVE-2023-38419 ‼
via "National Vulnerability Database".
An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
‼ CVE-2023-38138 ‼
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
‼ CVE-2023-36494 ‼
via "National Vulnerability Database".
Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
‼ CVE-2023-36858 ‼
via "National Vulnerability Database".
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
‼ CVE-2023-38418 ‼
via "National Vulnerability Database".
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🔴 Iranian Company Plays Host to Reams of Ransomware, APT Groups 🔴
via "Dark Reading".
Cloudzy is a command-and-control provider (C2P) to APT groups in Iran, North Korea, and Russia, according to Halcyon.
🔴 Global Optical Sensor Market to Reach $45.56B by 2030, Rising Demand in Consumer Electronics and IoT Applications 🔴
via "Dark Reading".
DUBLIN, Aug. 1, 2023 /PRNewswire/ -- The "Optical Sensors Market: Global Market Size, Forecast, Insights, Segmentation, and Competitive Landscape with Impact of COVID-19 & Russia-Ukraine War" report has been added to ResearchAndMarkets.com's offering. The…
🔴 VALIC Retirement Services Company Experiences PBI Data Breach Exposing Approximately 798,000 Social Security Numbers 🔴
via "Dark Reading".
MARLTON, N.J., Aug. 1, 2023 /PRNewswire/ -- An estimated 798,000 consumers are being notified that their Social Security numbers and other confidential information were compromised when Pension Benefit Information, LLC, a vendor used by VALIC Retirement Services…
🔴 Instagram Flags AI-Generated Content 🔴
via "Dark Reading".
Amid the national discussion about AI safety and non-human-originated content in the US, an app researcher spotted an effort by the social media app to flag AI posts for its 2+ billion users.
🔴 Solvo Unveils SecurityGenie: A Revolutionary ChatGPT-Like Solution for Cloud Security Teams 🔴
via "Dark Reading".
TEL AVIV, Israel, Aug. 2, 2023 /PRNewswire/ -- Cloud security breaches are a major threat to organizations with an average detection time of 277 days and human error contributing to 85% of Incidents. To address this challenge, Solvo, a provider of adaptive…
🔴 SynSaber and ICS Advisory Project Identify Vulnerability Trends Within The Critical Infrastructure Sector 🔴
via "Dark Reading".
CHANDLER, Ariz., Aug. 2, 2023 /PRNewswire/ -- SynSaber, an industrial asset and network monitoring company dedicated to protecting OT and IT systems and defending critical infrastructure, in collaboration with the ICS Advisory Project, published their bi…
🔴 Tanium Selected by DHS CISA to Join the Joint Cyber Defense Collaborative 🔴
via "Dark Reading".
KIRKLAND, Wash.--(BUSINESS WIRE) – Tanium, the industry’s only provider of Converged Endpoint Management (XEM), today announced it has been selected by the DHS Cybersecurity and Infrastructure Security Agency (CISA) to join the Joint Cyber Defense Collaboration…
🔴 Guardio Uncovers Zero-Day Vulnerability in Salesforce's Email Services 🔴
via "Dark Reading".
Tel Aviv, Israel – August 2, 2023 – Guardio, a cybersecurity company leveraging cutting-edge machine learning and proprietary algorithms to deliver top-tier security solutions for both consumers and SMBs, is releasing today a report detailing their research…
🔴 BeyondTrust's Identity Security Insights Provides Unprecedented Visibility into Identity Threats 🔴
via "Dark Reading".
Atlanta, GA – August 2, 2023 – BeyondTrust, the worldwide leader in intelligent identity and access security, today announced the general availability of its groundbreaking Identity Security Insights solution. With the escalating complexity of cyber threats…
🔴 Menlo Security Establishes Browser Security With AI-Powered Phishing and Ransomware Protection 🔴
via "Dark Reading".
MOUNTAIN VIEW, Calif., August 1, 2023 – Menlo Security, Inc. ("Menlo Security"), a leader in browser security, today announced HEAT Shield™ and HEAT Visibility™, the industry’s first suite of threat prevention capabilities designed to detect and block highly…
‼ CVE-2023-36081 ‼
via "National Vulnerability Database".
Cross Site Scripting vulnerability in GatesAir Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard.
‼ CVE-2023-29409 ‼
via "National Vulnerability Database".
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.