βΌ CVE-2023-40756 βΌ
π Read
via "National Vulnerability Database".
User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40759 βΌ
π Read
via "National Vulnerability Database".
User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.π Read
via "National Vulnerability Database".
π΄ Authentication Outage Underscores Why 'Fail Safe' Is Key π΄
π Read
via "Dark Reading".
Duo's service outage last week, impacting schools and businesses, highlights how companies should build in resiliency and business continuity into their authentication schemes.π Read
via "Dark Reading".
Dark Reading
Authentication Outage Underscores Why 'Fail Safe' Is Key
Duo's service outage last week, impacting schools and businesses, highlights how companies should build in resiliency and business continuity into their authentication schemes.
β S3 Ep149: How many cryptographers does it take to change a light bulb? β
π Read
via "Naked Security".
Latest episode - listen now! Full transcript inside...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2023-39708 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40846 βΌ
π Read
via "National Vulnerability Database".
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998.π Read
via "National Vulnerability Database".
π΄ 5 Ways to Prepare for Google's 90-Day TLS Certificate Expiration π΄
π Read
via "Dark Reading".
With bad guys frequently upping their game, security can't leave these protections to a once-a-year upgrade.π Read
via "Dark Reading".
Dark Reading
5 Ways to Prepare for Google's 90-Day TLS Certificate Expiration
With bad guys frequently upping their game, security can't leave these protections to a once-a-year upgrade.
β€1π1
βΌ CVE-2023-39560 βΌ
π Read
via "National Vulnerability Database".
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1997 βΌ
π Read
via "National Vulnerability Database".
An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution.π Read
via "National Vulnerability Database".
π΄ London Police Warned to Stay Vigilant Amid Major Data Breach π΄
π Read
via "Dark Reading".
Hackers hit a third-party contractor's IT systems, but they didn't steal any addresses or financial details, officials say.π Read
via "Dark Reading".
Dark Reading
London Police Warned to Stay Vigilant Amid Major Data Breach
Hackers hit a third-party contractor's IT systems, but they didn't steal any addresses or financial details, officials say.
π΄ Financial Firms Breached in MOVEit Cyberattacks Now Face Lawsuits π΄
π Read
via "Dark Reading".
TD Ameritrade, Charles Schwab named in new class action data breach lawsuit, following last week's filing against Prudential.π Read
via "Dark Reading".
Dark Reading
Financial Firms Breached in MOVEit Cyberattacks Now Face Lawsuits
TD Ameritrade, Charles Schwab named in new class action data breach lawsuit, following last week's filing against Prudential.
βΌ CVE-2023-39709 βΌ
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2020-27366 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39810 βΌ
π Read
via "National Vulnerability Database".
An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39562 βΌ
π Read
via "National Vulnerability Database".
GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39062 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-40590 βΌ
π Read
via "National Vulnerability Database".
GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs GitPython from a repo has a `git.exe` or `git` executable, that program will be run instead of the one in the user's `PATH`. This is more of a problem on how Python interacts with Windows systems, Linux and any other OS aren't affected by this. But probably people using GitPython usually run it from the CWD of a repo. An attacker can trick a user to download a repository with a malicious `git` executable, if the user runs/imports GitPython from that directory, it allows the attacker to run any arbitrary commands. There is no fix currently available for windows users, however there are a few mitigations. 1: Default to an absolute path for the git program on Windows, like `C:\\Program Files\\Git\\cmd\\git.EXE` (default git path installation). 2: Require users to set the `GIT_PYTHON_GIT_EXECUTABLE` environment variable on Windows systems. 3: Make this problem prominent in the documentation and advise users to never run GitPython from an untrusted repo, or set the `GIT_PYTHON_GIT_EXECUTABLE` env var to an absolute path. 4: Resolve the executable manually by only looking into the `PATH` environment variable.π Read
via "National Vulnerability Database".
π¦Ώ 8 Best Identity and Access Management (IAM) Solutions for 2023 π¦Ώ
π Read
via "Tech Republic".
Identity and access management software helps you maintain control of your environment by allowing authorized users to access company resources. Learn 10 of the top IAM tools to see which might be the best fit for your business.π Read
via "Tech Republic".
TechRepublic
8 Best IAM Solutions (Updated for 2024)
Microsoft, JumpCloud and CyberArk are among the best IAM tools. Find out how these IAM solutions compare and explore use cases.
π΄ Honeywell to Acquire SCADAfence, Strengthening Its Cybersecurity Software Portfolio π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Honeywell to Acquire SCADAfence, Strengthening Its Cybersecurity Software Portfolio
CHARLOTTE, NC β July 10, 2023 β Honeywell (Nasdaq: HON) today announced it has agreed to acquire SCADAfence, a leading provider of operational technology (OT) and Internet of Things (IoT) cybersecurity solutions for monitoring large-scale networks. SCADAfenceβ¦
π΄ Cybercriminals Harness Leaked LockBit Builder in Wave of New Attacks π΄
π Read
via "Dark Reading".
Enterprising, or simply lazy, cybercriminals are using Lockbit v3 to cut corners on ransomware.π Read
via "Dark Reading".
Dark Reading
Cybercriminals Harness Leaked LockBit Builder in Wave of New Attacks
Enterprising, or simply lazy, cybercriminals are using Lockbit v3 to cut corners on ransomware.
π΄ Motherboard Mishaps Undermine Trust, Security π΄
π Read
via "Dark Reading".
MSI and Microsoft warn about new Windows Preview blue screens on some motherboards, the latest mishap to raise questions over the reliability of hardware and firmware.π Read
via "Dark Reading".
Dark Reading
Motherboard Mishaps Undermine Trust, Security
MSI and Microsoft warn about new Windows Preview blue screens on some motherboards, the latest mishap to raise questions over the reliability of hardware and firmware.
π1