π΄ The Hard Realities of Setting AI Risk Policy π΄
π Read
via "Dark Reading".
Time to get real about what it takes to set and enforce cybersecurity and resilience standards for AI risk management in the enterprise.π Read
via "Dark Reading".
Dark Reading
The Hard Realities of Setting AI Risk Policy
It's time to get real about what it takes to set and enforce cybersecurity and resilience standards for AI risk management in the enterprise.
π΄ EvilProxy Cyberattack Flood Targets Execs via Microsoft 365 π΄
π Read
via "Dark Reading".
A campaign sent 120,000 phishing emails in three months, circumventing MFA to compromise cloud accounts of high-level executives at global organizationsπ Read
via "Dark Reading".
Dark Reading
EvilProxy Cyberattack Flood Targets Execs via Microsoft 365
A campaign sent 120,000 phishing emails in three months, circumventing MFA to compromise cloud accounts of high-level executives at global organizations
π₯1
π¦Ώ Black Hat 2023 Keynote: Navigating Generative AI in Todayβs Cybersecurity Landscape π¦Ώ
π Read
via "Tech Republic".
Discover the challenges that AI will bring to the cybersecurity industry and the opportunities and future implications of cybersecurity in an AI-dominated world.π Read
via "Tech Republic".
TechRepublic
Black Hat 2023 Keynote: Navigating Generative AI in Today's Cybersecurity Landscape
Discover the challenges AI will bring to cybersecurity and the opportunities and future implications of security in an AI-dominated world.
π΄ Cyber Insurance Experts Make a Case for Coverage, Protection π΄
π Read
via "Dark Reading".
At Black Hat "mini summit," providers and customers get clearer about premium costs and coverage β and the risk of doing without.π Read
via "Dark Reading".
Dark Reading
Cyber Insurance Experts Make a Case for Coverage, Protection
At Black Hat "mini summit," providers and customers get clearer about premium costs and coverage β and the risk of doing without.
π΄ Dell Credentials Bug Opens VMWare Environments to Takeover π΄
π Read
via "Dark Reading".
Decoding private keys from even one Dell customer could give attackers control over VMWare environments across all organizations running the same programs.π Read
via "Dark Reading".
Dark Reading
Dell Credentials Bug Opens VMware Environments to Takeover
Decoding private keys from even one Dell customer could give attackers control over VMware environments across all organizations running the same programs.
βΌ CVE-2023-38333 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32561 βΌ
π Read
via "National Vulnerability Database".
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32562 βΌ
π Read
via "National Vulnerability Database".
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32560 βΌ
π Read
via "National Vulnerability Database".
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution.Thanks to a Researcher at Tenable for finding and reporting.Fixed in version 6.4.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40225 βΌ
π Read
via "National Vulnerability Database".
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37625 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39806 βΌ
π Read
via "National Vulnerability Database".
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32564 βΌ
π Read
via "National Vulnerability Database".
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39805 βΌ
π Read
via "National Vulnerability Database".
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40014 βΌ
π Read
via "National Vulnerability Database".
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40224 βΌ
π Read
via "National Vulnerability Database".
MISP 2.4174 allows XSS in app/View/Events/index.ctp.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32563 βΌ
π Read
via "National Vulnerability Database".
An unauthenticated attacker could achieve the code execution through a RemoteControl server.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28129 βΌ
π Read
via "National Vulnerability Database".
Desktop & Server Management (DSM) may have a possible execution of arbitrary commands.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32565 βΌ
π Read
via "National Vulnerability Database".
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.π Read
via "National Vulnerability Database".
π΄ CISA: 'Whirlpool' Backdoor Sends Barracuda ESG Security Down the Drain π΄
π Read
via "Dark Reading".
Researchers have observed China's UNC4841 dropping the backdoor on Barracuda's email security appliances, in a spiraling cyber-espionage campaign.π Read
via "Dark Reading".
Dark Reading
CISA: 'Whirlpool' Backdoor Sends Barracuda ESG Security Down the Drain
The backdoor is one of several that researchers have observed China's UNC4841 dropping on Barracuda's email security appliances, in a spiraling cyber-espionage campaign that has affected organizations in 16 countries so far.
π΄ Rhysida Ransomware Trains Its Sights on Healthcare Operations π΄
π Read
via "Dark Reading".
The new group has already made an impact in multiple countries and industries, including a multistate hospital chain in the US.π Read
via "Dark Reading".
Dark Reading
Rhysida Ransomware Trains Its Sights on Healthcare Operations
The new group has already made an impact in multiple countries and industries, including a multistate hospital chain in the US.