π΄ 5 Ways to Prepare for Google's 90-Day TLS Certificate Expiration π΄
π Read
via "Dark Reading".
With bad guys frequently upping their game, security can't leave these protections to a once-a-year upgrade.π Read
via "Dark Reading".
Dark Reading
5 Ways to Prepare for Google's 90-Day TLS Certificate Expiration
With bad guys frequently upping their game, security can't leave these protections to a once-a-year upgrade.
β€1π1
βΌ CVE-2023-39560 βΌ
π Read
via "National Vulnerability Database".
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1997 βΌ
π Read
via "National Vulnerability Database".
An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution.π Read
via "National Vulnerability Database".
π΄ London Police Warned to Stay Vigilant Amid Major Data Breach π΄
π Read
via "Dark Reading".
Hackers hit a third-party contractor's IT systems, but they didn't steal any addresses or financial details, officials say.π Read
via "Dark Reading".
Dark Reading
London Police Warned to Stay Vigilant Amid Major Data Breach
Hackers hit a third-party contractor's IT systems, but they didn't steal any addresses or financial details, officials say.
π΄ Financial Firms Breached in MOVEit Cyberattacks Now Face Lawsuits π΄
π Read
via "Dark Reading".
TD Ameritrade, Charles Schwab named in new class action data breach lawsuit, following last week's filing against Prudential.π Read
via "Dark Reading".
Dark Reading
Financial Firms Breached in MOVEit Cyberattacks Now Face Lawsuits
TD Ameritrade, Charles Schwab named in new class action data breach lawsuit, following last week's filing against Prudential.
βΌ CVE-2023-39709 βΌ
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2020-27366 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39810 βΌ
π Read
via "National Vulnerability Database".
An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39562 βΌ
π Read
via "National Vulnerability Database".
GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39062 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-40590 βΌ
π Read
via "National Vulnerability Database".
GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs GitPython from a repo has a `git.exe` or `git` executable, that program will be run instead of the one in the user's `PATH`. This is more of a problem on how Python interacts with Windows systems, Linux and any other OS aren't affected by this. But probably people using GitPython usually run it from the CWD of a repo. An attacker can trick a user to download a repository with a malicious `git` executable, if the user runs/imports GitPython from that directory, it allows the attacker to run any arbitrary commands. There is no fix currently available for windows users, however there are a few mitigations. 1: Default to an absolute path for the git program on Windows, like `C:\\Program Files\\Git\\cmd\\git.EXE` (default git path installation). 2: Require users to set the `GIT_PYTHON_GIT_EXECUTABLE` environment variable on Windows systems. 3: Make this problem prominent in the documentation and advise users to never run GitPython from an untrusted repo, or set the `GIT_PYTHON_GIT_EXECUTABLE` env var to an absolute path. 4: Resolve the executable manually by only looking into the `PATH` environment variable.π Read
via "National Vulnerability Database".
π¦Ώ 8 Best Identity and Access Management (IAM) Solutions for 2023 π¦Ώ
π Read
via "Tech Republic".
Identity and access management software helps you maintain control of your environment by allowing authorized users to access company resources. Learn 10 of the top IAM tools to see which might be the best fit for your business.π Read
via "Tech Republic".
TechRepublic
8 Best IAM Solutions (Updated for 2024)
Microsoft, JumpCloud and CyberArk are among the best IAM tools. Find out how these IAM solutions compare and explore use cases.
π΄ Honeywell to Acquire SCADAfence, Strengthening Its Cybersecurity Software Portfolio π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Honeywell to Acquire SCADAfence, Strengthening Its Cybersecurity Software Portfolio
CHARLOTTE, NC β July 10, 2023 β Honeywell (Nasdaq: HON) today announced it has agreed to acquire SCADAfence, a leading provider of operational technology (OT) and Internet of Things (IoT) cybersecurity solutions for monitoring large-scale networks. SCADAfenceβ¦
π΄ Cybercriminals Harness Leaked LockBit Builder in Wave of New Attacks π΄
π Read
via "Dark Reading".
Enterprising, or simply lazy, cybercriminals are using Lockbit v3 to cut corners on ransomware.π Read
via "Dark Reading".
Dark Reading
Cybercriminals Harness Leaked LockBit Builder in Wave of New Attacks
Enterprising, or simply lazy, cybercriminals are using Lockbit v3 to cut corners on ransomware.
π΄ Motherboard Mishaps Undermine Trust, Security π΄
π Read
via "Dark Reading".
MSI and Microsoft warn about new Windows Preview blue screens on some motherboards, the latest mishap to raise questions over the reliability of hardware and firmware.π Read
via "Dark Reading".
Dark Reading
Motherboard Mishaps Undermine Trust, Security
MSI and Microsoft warn about new Windows Preview blue screens on some motherboards, the latest mishap to raise questions over the reliability of hardware and firmware.
π1
π΄ BreachLock Intelligence Report Reveals Critical Insights From Thousands of Penetration Tests π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
BreachLock Intelligence Report Reveals Critical Insights From Thousands of Penetration Tests
NEW YORK, Aug. 28, 2023 /PRNewswire/ -- BreachLock, the global leader in Penetration Testing Services, announces the release of its highly anticipated 2023 BreachLock Penetration Testing Intelligence Report.
π¦Ώ OpenAI Debuts ChatGPT Enterprise, touting better privacy for business π¦Ώ
π Read
via "Tech Republic".
Data from ChatGPT Enterprise will not be used to train the popular chatbot. Plus, admins can manage access.π Read
via "Tech Republic".
TechRepublic
OpenAI Debuts ChatGPT Enterprise, Touting Better Privacy for Business
Data from ChatGPT Enterprise will not be used to train the popular chatbot. Plus, admins can manage access.
βΌ CVE-2023-38969 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39578 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39652 βΌ
π Read
via "National Vulnerability Database".
theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run().π Read
via "National Vulnerability Database".
βΌ CVE-2023-40170 βΌ
π Read
via "National Vulnerability Database".
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks.π Read
via "National Vulnerability Database".