CVE-2023-20564
Read via "National Vulnerability Database".
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes, potentially leading to a loss of confidentiality or arbitrary kernel execution.
Get Norton 360 Standard on 2 Devices Plus Identity Theft Protection for $24.99
Read via "Tech Republic".
This exclusive bundle includes online dark web monitoring and identity theft support, so don't miss out on this discounted year-long subscription.
How MSSPs can leverage dark web intelligence to counter emerging threats
Read via "ITPro".
Dark web intelligence can be a vital tool for MSSPs to bolster security and counter emerging threats.
CVE-2023-26140
Read via "National Vulnerability Database".
Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization.
CVE-2023-39507
Read via "National Vulnerability Database".
Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an arbitrary website.
CVE-2023-4374
Read via "National Vulnerability Database".
The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' function in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber privileges or above to view logs.
CVE-2023-3958
Read via "National Vulnerability Database".
The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. This was partially patched in version 1.2.12 and fully patched in version 1.2.13.
Business email compromise attack costs far exceeding ransomware losses
Read via "ITPro".
The increasingly popular phishing attack method is enabling threat actors to reap serious financial rewards.
CVE-2023-30473
Read via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov YML for Yandex Market plugin <= 3.10.7 versions.
CVE-2023-30784
Read via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kaya Studio Kaya QR Code Generator plugin <= 1.5.2 versions.
CVE-2023-30782
Read via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.5 versions.
CVE-2023-30871
Read via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo Plugins (by Webdados) Stock Exporter for WooCommerce plugin <= 1.1.0 versions.
Mandiant Releases Scanner to Identify Compromised NetScaler ADC, Gateways
Read via "Dark Reading".
Mandiant's IoC Scanner will help enterprises collect indicators of compromise on affected Citrix NetScaler products.
CVE-2023-30779
Read via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jonathan Daggerhart Query Wrangler plugin <= 1.5.51 versions.
CVE-2023-30785
Read via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Grid plugin <= 1.21 versions.
CVE-2023-4241
Read via "National Vulnerability Database".
lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected.
CVE-2023-30786
Read via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Benjamin Guy Captcha Them All plugin <= 1.3.3 versions.
QR Code Phishing Campaign Targets Top US Energy Company
Read via "Dark Reading".
Attackers sent more than 1,000 emails with 2FA, MFA, and other security-related lures aimed at stealing Microsoft credentials.
Iran and the Rise of Cyber-Enabled Influence Operations
Read via "Dark Reading".
Iranian threat actors are combining offensive network ops with messaging and amplification to manipulate targets' perceptions and behavior. Here are three examples.
Boards Don't Want Security Promises — They Want Action
Read via "Dark Reading".
CISOs must demonstrate that security processes and updates reduce risk in measurable ways. Put emphasis on action, get the basics right, and improve processes.
CVE-2023-32494
Read via "National Vulnerability Database".
Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege; systems running in compliance mode are also affected.