βΌ CVE-2023-32202 βΌ
π Read
via "National Vulnerability Database".
Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36317 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38422 βΌ
π Read
via "National Vulnerability Database".
Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data.π Read
via "National Vulnerability Database".
β Using WinRAR? Be sure to patch against these code execution bugsβ¦ β
π Read
via "Naked Security".
Imagine if you clicked on a harmless-looking image, but an unknown application fired up instead...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Prelude Security Tackles Continuous Security Testing in Containers π΄
π Read
via "Dark Reading".
Probes are tiny processes which run inside containers and scan applications for vulnerabilities.π Read
via "Dark Reading".
Dark Reading
Prelude Security Tackles Continuous Security Testing in Containers
Probes are tiny processes that run inside containers and scan applications for vulnerabilities.
βΌ CVE-2023-40573 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document doesn't modify the content author. Together with a CSRF vulnerability in the job scheduler, this can be exploited for remote code execution by an attacker with edit right on the wiki. If the attack is successful, an error log entry with "Job content executed" will be produced. This vulnerability has been patched in XWiki 14.10.9 and 15.4RC1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32559 βΌ
π Read
via "National Vulnerability Database".
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40572 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation.π Read
via "National Vulnerability Database".
π’ Salt Security lifts lid on new STEP partner program π’
π Read
via "ITPro".
Initiative's inaugural partners include Bright Security, Invicti, StackHawk, and Contrast Security π Read
via "ITPro".
channelpro
Salt Security lifts lid on new STEP partner program
Initiative's inaugural partners include Bright Security, Invicti, StackHawk, and Contrast Security
π΄ eSentire Labs Open Sources Project to Monitor LLMs π΄
π Read
via "Dark Reading".
The eSentire LLM Gateway provides monitoring and governance of ChatGPT and other Large Language Models being used in the organization.π Read
via "Dark Reading".
Dark Reading
eSentire Labs Open Sources Project to Monitor LLMs
The eSentire LLM Gateway provides monitoring and governance of ChatGPT and other large language models being used in the organization.
π΄ North Korea's Lazarus Group Used GUI Framework to Build Stealthy RAT π΄
π Read
via "Dark Reading".
The world's most notorious threat actor is using an unprecedented tactic for sneaking spyware into the IT networks of important companies.π Read
via "Dark Reading".
Dark Reading
North Korea's Lazarus APT Uses GUI Framework to Build Stealthy RAT
The world's most notorious threat actor is using an unprecedented tactic for sneaking spyware into the IT networks of important companies.
π’ βWorst case scenarioβ ransomware attack cripples Danish cloud provider π’
π Read
via "ITPro".
Hundreds of customers in the Nordics have been impacted by the breach π Read
via "ITPro".
Cloud Pro
βWorst case scenarioβ ransomware attack cripples Danish cloud provider
Hundreds of customers in the Nordics have been impacted by the breach
π¦Ώ Critical Insight Reports Fewer Cybersecurity Breaches in Health Care, Yet Victim Numbers Are Up in 2023 π¦Ώ
π Read
via "Tech Republic".
A new study by Critical Insight shows that cybersecurity attacks in the health care sector are hitting more individuals and finding vulnerabilities in third-party partners.π Read
via "Tech Republic".
TechRepublic
Critical Insight Reports Fewer Cybersecurity Breaches in Health Care, Yet Victim Numbers Are Up in 2023
Cybersecurity attacks in the health care sector are hitting more individuals and finding vulnerabilities in third-party partners.
π΄ 5 Best Practices for Implementing Risk-First Cybersecurity π΄
π Read
via "Dark Reading".
Embracing a risk-first mindset empowers organizations to make informed decisions, strengthen security, safeguard valuable assets, and reduce financial impact.π Read
via "Dark Reading".
Dark Reading
5 Best Practices for Implementing Risk-First Cybersecurity
Embracing a risk-first mindset empowers organizations to make informed decisions, strengthen security, safeguard valuable assets, and reduce financial impact.
βΌ CVE-2023-34040 βΌ
π Read
via "National Vulnerability Database".
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers.Specifically, an application is vulnerable when all of the following are true: * The user does notΓ configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topicBy default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32516 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu Γ’β¬β Food Ordering System Γ’β¬β Table Reservation plugin <=Γ 2.3.6 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32511 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin plugin <=Γ 1.1.8 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32510 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <=Γ 2.2.5 versions.π Read
via "National Vulnerability Database".
π Wireshark Analyzer 4.0.8 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 4.0.8 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ How to Remove a Lost Device From Your Google Account π¦Ώ
π Read
via "Tech Republic".
Follow this guide to learn how to easily remove any device from your Google account and keep your account secure.π Read
via "Tech Republic".
TechRepublic
How to Remove a Lost Device From Your Google Account
Follow this guide to learn how to easily remove any device from your Google account and keep your account secure.
π¦Ώ Google AI in Workspace Adds New Zero-Trust and Digital Sovereignty Controls π¦Ώ
π Read
via "Tech Republic".
Google announced security enhancements to Google Workspace focused on enhancing threat defense controls with Google AI.π Read
via "Tech Republic".
TechRepublic
Google AI in Google Workspace Adds New Zero-Trust and Digital Sovereignty Controls
Google announced security enhancements to Google Workspace focused on enhancing threat defense controls with Google AI.