CVE-2023-40828
via "National Vulnerability Database".
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
CVE-2023-41005
via "National Vulnerability Database".
An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php.
CVE-2023-40998
via "National Vulnerability Database".
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component.
CVE-2023-40825
via "National Vulnerability Database".
An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list.
CVE-2023-40997
via "National Vulnerability Database".
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet.
CVE-2023-41358
via "National Vulnerability Database".
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.
CVE-2023-41359
via "National Vulnerability Database".
An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.
CVE-2023-1995
via "National Vulnerability Database".
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Additional Function, HiRDB Structured Data Access Facility. This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Additional Function: before 09-60-2M, before 09-65-/W; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.
CVE-2023-41360
via "National Vulnerability Database".
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
CVE-2023-41361
via "National Vulnerability Database".
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
CVE-2023-23773
via "National Vulnerability Database".
Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.
CVE-2023-41363
via "National Vulnerability Database".
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.
OpenAI Debuts ChatGPT Enterprise, Touting Better Privacy for Business
via "Tech Republic".
Data from ChatGPT Enterprise will not be used to train the popular chatbot. Plus, admins can manage access.
Here's What Your Breach Response Plan Might Be Missing
via "Dark Reading".
The best way to withstand a data breach is to be prepared. Here are four elements that are easily overlooked in breach response plans.
CVE-2023-40787
via "National Vulnerability Database".
In SpringBlade V3.6.0, when executing a SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.
Kroll's Crypto Breach Highlights SIM-Swapping Risk
via "Dark Reading".
Information was exposed on hundreds of crypto-related bankruptcy claimants in proceedings involving FTX, Genesis, and BlockFI.
Abnormal Security: Microsoft Tops List of Most-Impersonated Brands in Phishing Exploits
via "Tech Republic".
A new study found that 4.31% of phishing attacks mimicked Microsoft, far ahead of the second most-spoofed brand PayPal.
Mom's Meals issues "Notice of Data Event": What to know and what to do
via "Naked Security".
It took six months for notifications to start, and we still don't know exactly what went down... but here's our advice on what to do.
Clam AntiVirus Toolkit 1.2.0
via "Packet Storm Security".
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.
TOR Virtual Network Tunneling Tool 0.4.8.4
via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
Addressing Cybersecurity's Talent Shortage & Its Impact on CISOs
via "Dark Reading".
CISOs need to educate all arms of the business on security best practices so it becomes part of the business culture, thus expanding who's keeping watch. Automating routine tasks will help scale security.