βΌ CVE-2021-29057 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39534 βΌ
π Read
via "National Vulnerability Database".
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36138 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-32267 βΌ
π Read
via "National Vulnerability Database".
A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited.π Read
via "National Vulnerability Database".
π¦Ώ Best Encryption Software and Tools for 2023 π¦Ώ
π Read
via "Tech Republic".
This is a comprehensive list of best encryption software and tools, covering their features, pricing and more. Use this guide to determine your best fit.π Read
via "Tech Republic".
TechRepublic
The 7 Best Encryption Software Choices for 2024
This is a comprehensive list of the best encryption software and tools, with features, pricing and more. Use this guide to find your best fit.
π€1
π¦Ώ Downfall Vulnerability Affects Millions of Intel CPUs With Strong Data Leak Impact π¦Ώ
π Read
via "Tech Republic".
Learn technical details about this newly disclosed security vulnerability, as well as mitigation recommendations from the Google researcher who discovered it.π Read
via "Tech Republic".
TechRepublic
Downfall Vulnerability Affects Millions of Intel CPUs With Strong Data Leak Impact
Learn technical details of a newly disclosed security vulnerability and mitigation recommendations from the Google researcher who found it.
π΄ XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure π΄
π Read
via "Dark Reading".
Disguised as harmless PDF documents, LNK files trigger a PowerShell script, initiating a Rust-based injector called Freeze[.]rs and a host of malware infections.π Read
via "Dark Reading".
Dark Reading
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure
Disguised as harmless PDF documents, LNK files trigger a PowerShell script, initiating a Rust-based injector called Freeze[.]rs and a host of malware infections.
βΌ CVE-2023-0871 βΌ
π Read
via "National Vulnerability Database".
XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platformsΓ is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services.Γ The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.π Read
via "National Vulnerability Database".
π¦Ώ Dependency Confusion Attacks: New Research Into Which Businesses are At Risk π¦Ώ
π Read
via "Tech Republic".
Dependency confusion is becoming a serious cybersecurity threat. Learn which organizations are at risk and how to protect systems against these attacks.π Read
via "Tech Republic".
TechRepublic
Dependency Confusion Attacks: New Research Into Which Businesses are At Risk
A new type of attack called dependency confusion is becoming a serious security threat to organizations. Learn how to protect your systems.
π΄ Threat Intelligence Efforts, Investment Lagging, Says Opswat π΄
π Read
via "Dark Reading".
In an annual survey, 62% of respondents admited their threat intel efforts need stepping up.π Read
via "Dark Reading".
Dark Reading
Threat Intelligence Efforts, Investment Lagging, Says Opswat
In an annual survey, 62% of respondents admited their threat intel efforts need stepping up.
π΄ As Phishing Gets Even Sneakier, Browser Security Needs to Step Up π΄
π Read
via "Dark Reading".
Perception Point's Din Serussi says browser extensions can help mitigate more sophisticated phishing techniques.π Read
via "Dark Reading".
Dark Reading
As Phishing Gets Even Sneakier, Browser Security Needs to Step Up
Perception Point's Din Serussi says browser extensions can help mitigate more sophisticated phishing techniques.
π΄ Fortinet Announces Free Security Awareness Curriculum for K-12 Students Tied to White House's Cyber Initiatives π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Fortinet Announces Free Security Awareness Curriculum for K-12 Students Tied to White House's Cyber Initiatives
SUNNYVALE, Calif. - Aug 9, 2023 β
π΄ Security Pressures Mount Around AI's Promises & Peril π΄
π Read
via "Dark Reading".
Both threats to enterprises and career opportunities are being created by the escalation of generative AI and ChatGPT, warns Maria 'Azeria' Markstedter.π Read
via "Dark Reading".
Dark Reading
Security Pressures Mount Around AI's Promises & Peril
Both threats to enterprises and career opportunities are being created by the escalation of generative AI and ChatGPT, warns Maria 'Azeria' Markstedter.
π¦Ώ Minimizing Risk Through Proactive Apple Device Management: Addigy π¦Ώ
π Read
via "Tech Republic".
In this Executive Brief by Preetham Gurram, Vice President of Product, Addigy, learn how to proactively manage Apple devices. π Read
via "Tech Republic".
TechRepublic
Minimizing Risk Through Proactive Apple Device Management: Addigy
In this Executive Brief by Preetham Gurram, Vice President of Product, Addigy, learn how to proactively manage Apple devices.
π¦Ώ Black Hat USA 2023 Panel: Used Correctly, Generative AI is a Boon for Cybersecurity π¦Ώ
π Read
via "Tech Republic".
A Black Hat 2023 panel discussed the ramifications of generative AI, and included the former Cyber Czar for the Obama administration.π Read
via "Tech Republic".
TechRepublic
Black Hat USA 2023 Panel: Used Correctly, Generative AI is a Boon for Cybersecurity
A Black Hat 2023 panel discussed the ramifications of generative AI, and included the former Cyber Czar for the Obama administration.
βΌ CVE-2023-22955 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22956 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22957 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3452 βΌ
π Read
via "National Vulnerability Database".
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4293 βΌ
π Read
via "National Vulnerability Database".
The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmpp_update_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'profile[role]' parameter during a profile update.π Read
via "National Vulnerability Database".