βΌ CVE-2022-47636 βΌ
π Read
via "National Vulnerability Database".
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4128 βΌ
π Read
via "National Vulnerability Database".
A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.π Read
via "National Vulnerability Database".
π΄ Rootly Raises $12M to Help Enterprise IT Teams Resolve Incidents 80 Percent Faster π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Rootly Raises $12M to Help Enterprise IT Teams Resolve Incidents 80 Percent Faster
San Francisco, Calif. β Aug. 10, 2023 β Rootly, which offers the first and only enterprise-grade incident management platform, announced today that it has raised a $12M Series A round of financing led by Renegade Partners with participation from Google Gradientβ¦
π΄ SecurityGen Study Highlights Hidden Threat to 5G Mobile Networks From GTP-Based Cyberattacks π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
SecurityGen Study Highlights Hidden Threat to 5G Mobile Networks From GTP-Based Cyberattacks
London, UK - 10 August 2023 β Mobile operators need to reassess security vulnerabilities in the key GTP (GPRS Tunnelling Protocol) protocol and bolster GTP security within their networks as they continue to invest in and roll out 5G, according to a new studyβ¦
π΄ The Hard Realities of Setting AI Risk Policy π΄
π Read
via "Dark Reading".
Time to get real about what it takes to set and enforce cybersecurity and resilience standards for AI risk management in the enterprise.π Read
via "Dark Reading".
Dark Reading
The Hard Realities of Setting AI Risk Policy
It's time to get real about what it takes to set and enforce cybersecurity and resilience standards for AI risk management in the enterprise.
π΄ EvilProxy Cyberattack Flood Targets Execs via Microsoft 365 π΄
π Read
via "Dark Reading".
A campaign sent 120,000 phishing emails in three months, circumventing MFA to compromise cloud accounts of high-level executives at global organizationsπ Read
via "Dark Reading".
Dark Reading
EvilProxy Cyberattack Flood Targets Execs via Microsoft 365
A campaign sent 120,000 phishing emails in three months, circumventing MFA to compromise cloud accounts of high-level executives at global organizations
π₯1
π¦Ώ Black Hat 2023 Keynote: Navigating Generative AI in Todayβs Cybersecurity Landscape π¦Ώ
π Read
via "Tech Republic".
Discover the challenges that AI will bring to the cybersecurity industry and the opportunities and future implications of cybersecurity in an AI-dominated world.π Read
via "Tech Republic".
TechRepublic
Black Hat 2023 Keynote: Navigating Generative AI in Today's Cybersecurity Landscape
Discover the challenges AI will bring to cybersecurity and the opportunities and future implications of security in an AI-dominated world.
π΄ Cyber Insurance Experts Make a Case for Coverage, Protection π΄
π Read
via "Dark Reading".
At Black Hat "mini summit," providers and customers get clearer about premium costs and coverage β and the risk of doing without.π Read
via "Dark Reading".
Dark Reading
Cyber Insurance Experts Make a Case for Coverage, Protection
At Black Hat "mini summit," providers and customers get clearer about premium costs and coverage β and the risk of doing without.
π΄ Dell Credentials Bug Opens VMWare Environments to Takeover π΄
π Read
via "Dark Reading".
Decoding private keys from even one Dell customer could give attackers control over VMWare environments across all organizations running the same programs.π Read
via "Dark Reading".
Dark Reading
Dell Credentials Bug Opens VMware Environments to Takeover
Decoding private keys from even one Dell customer could give attackers control over VMware environments across all organizations running the same programs.
βΌ CVE-2023-38333 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32561 βΌ
π Read
via "National Vulnerability Database".
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32562 βΌ
π Read
via "National Vulnerability Database".
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32560 βΌ
π Read
via "National Vulnerability Database".
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution.Thanks to a Researcher at Tenable for finding and reporting.Fixed in version 6.4.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40225 βΌ
π Read
via "National Vulnerability Database".
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37625 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39806 βΌ
π Read
via "National Vulnerability Database".
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32564 βΌ
π Read
via "National Vulnerability Database".
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39805 βΌ
π Read
via "National Vulnerability Database".
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40014 βΌ
π Read
via "National Vulnerability Database".
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40224 βΌ
π Read
via "National Vulnerability Database".
MISP 2.4174 allows XSS in app/View/Events/index.ctp.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32563 βΌ
π Read
via "National Vulnerability Database".
An unauthenticated attacker could achieve the code execution through a RemoteControl server.π Read
via "National Vulnerability Database".