π΄ BeyondTrust's Identity Security Insights Provides Unprecedented Visibility into Identity Threats π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
BeyondTrust's Identity Security Insights Provides Unprecedented Visibility into Identity Threats
Atlanta, GA β August 2, 2023 β BeyondTrust, the worldwide leader in intelligent identity and access security, today announced the general availability of its groundbreaking Identity Security Insights solution. With the escalating complexity of cyber threatsβ¦
π΄ Menlo Security Establishes Browser Security With AI-Powered Phishing and Ransomware Protection π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Menlo Security Establishes Browser Security With AI-Powered Phishing and Ransomware Protection
MOUNTAIN VIEW, Calif., August 1, 2023 β Menlo Security, Inc. ("Menlo Security"), a leader in browser security, today announced HEAT Shieldβ’ and HEAT Visibilityβ’, the industryβs first suite of threat prevention capabilities designed to detect and block highlyβ¦
βΌ CVE-2023-36081 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29409 βΌ
π Read
via "National Vulnerability Database".
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3978 βΌ
π Read
via "National Vulnerability Database".
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29407 βΌ
π Read
via "National Vulnerability Database".
A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29408 βΌ
π Read
via "National Vulnerability Database".
The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.π Read
via "National Vulnerability Database".
π΄ Russian APT 'BlueCharlie' Swaps Infrastructure to Evade Detection π΄
π Read
via "Dark Reading".
Despite being outed earlier this year, the advanced persistent threat group is trying to sneak past researchers again.π Read
via "Dark Reading".
Dark Reading
Russian APT 'BlueCharlie' Swaps Infrastructure to Evade Detection
Despite being outed earlier this year, the advanced persistent threat group is trying to sneak past researchers again.
β Performance and security clash yet again in βCollide+Powerβ attack β
π Read
via "Naked Security".
It's a real vulnerability, but the data leakage rate can be as low as... let's just say that an IMAX-quality copy of the new "Oppenheimer" movie could take you 4 billion years to exfiltrate.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ CISOs Need Backing to Take Charge of Security π΄
π Read
via "Dark Reading".
Unless the CEO and other C-suite executives defer to the CISO's decisions on cybersecurity, is that CISO really running things?π Read
via "Dark Reading".
Dark Reading
CISOs Need Backing to Take Charge of Security
Unless the CEO and other C-suite executives defer to the CISO's decisions on cybersecurity, is the CISO really running things?
βΌ CVE-2023-3329 βΌ
π Read
via "National Vulnerability Database".
SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-39113 βΌ
π Read
via "National Vulnerability Database".
ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39114 βΌ
π Read
via "National Vulnerability Database".
ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1437 βΌ
π Read
via "National Vulnerability Database".
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent client could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1935 βΌ
π Read
via "National Vulnerability Database".
ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38748 βΌ
π Read
via "National Vulnerability Database".
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-4117 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in PHP Jabbers Rental Property Booking 2.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3346 βΌ
π Read
via "National Vulnerability Database".
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4113 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21409 βΌ
π Read
via "National Vulnerability Database".
Due to insufficient file permissions, unprivileged users could gain access to unencrypted administratorcredentials allowing the configuration of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4115 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".