βΌ CVE-2023-32591 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <=Γ 3.0.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32756 βΌ
π Read
via "National Vulnerability Database".
e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but canΓ’β¬β’t control system or disrupt service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32757 βΌ
π Read
via "National Vulnerability Database".
e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.π Read
via "National Vulnerability Database".
π’ FBI alerts Barracuda customers after ineffective patch π’
π Read
via "ITPro".
Despite issuing a patch in May, Barracuda ESG appliance users are still at high risk π Read
via "ITPro".
ITPro
FBI alerts Barracuda customers after ineffective patch
Despite issuing a patch in May, Barracuda ESG appliance users are still at high risk
βΌ CVE-2023-32575 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <=Γ 1.3.25 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32596 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolfgang Ertl weebotLite plugin <=Γ 1.0.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4478 βΌ
π Read
via "National Vulnerability Database".
Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32595 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <=Γ 1.0.2 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25981 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <=Γ 2.8.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24394 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <=Γ 3.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25649 βΌ
π Read
via "National Vulnerability Database".
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.π Read
via "National Vulnerability Database".
π΄ Is Bias in AI Algorithms a Threat to Cloud Security? π΄
π Read
via "Dark Reading".
Using AI for threat detection and response is essential β but it can't replace human intelligence, expertise, and intuition.π Read
via "Dark Reading".
Dark Reading
Is Bias in AI Algorithms a Threat to Cloud Security?
Using AI for threat detection and response is essential β but it can't replace human intelligence, expertise, and intuition.
π’ NIST aims to quantum-proof encryption with new algorithms π’
π Read
via "ITPro".
Three algorithms are now in draft and more are on the way to bolster enterprise defenses π Read
via "ITPro".
ITPro
NIST aims to quantum-proof encryption with new algorithms
Three algorithms are now in draft and more are on the way to bolster enterprise defenses
π’ Encouraging a security-first mindset π’
π Read
via "ITPro".
Security has to be seen from a business perspective as well as a technical one π Read
via "ITPro".
ITPro
Encouraging a security-first mindset
Security has to be seen from a business perspective as well as a technical one
βοΈ Kroll Employee SIM-Swapped for Crypto Investor Data βοΈ
π Read
via "Krebs on Security".
Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. And there are indications that fraudsters may already be exploiting the stolen data in phishing attacks.Cryptocurrency lender BlockFi and the now-collapsed crypto trading platform FTX each disclosed data breaches this week thanks to a recent SIM-swapping attack targeting an employee of Kroll -- the company handling both firms' bankruptcy restructuring.π Read
via "Krebs on Security".
Krebs on Security
Kroll Employee SIM-Swapped for Crypto Investor Data
Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings.β¦
π΄ 'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds π΄
π Read
via "Dark Reading".
Deployed by the infamous SmokeLoader botnet, the location-tracking malware could be used for a host of follow-on cyberattacks or even physical targeting.π Read
via "Dark Reading".
Dark Reading
'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds
Deployed by the infamous SmokeLoader botnet, the location-tracking malware could be used for a host of follow-on cyberattacks or even physical targeting.
βΌ CVE-2023-40797 βΌ
π Read
via "National Vulnerability Database".
In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38201 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.π Read
via "National Vulnerability Database".
βΌ CVE-2020-11711 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40796 βΌ
π Read
via "National Vulnerability Database".
Phicomm k2 v22.6.529.216 is vulnerable to command injection.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40798 βΌ
π Read
via "National Vulnerability Database".
In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability.π Read
via "National Vulnerability Database".