βΌ CVE-2023-41359 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1995 βΌ
π Read
via "National Vulnerability Database".
Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41360 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41361 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23773 βΌ
π Read
via "National Vulnerability Database".
Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41363 βΌ
π Read
via "National Vulnerability Database".
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.π Read
via "National Vulnerability Database".
π¦Ώ OpenAI Debuts ChatGPT Enterprise, Touting Better Privacy for Business π¦Ώ
π Read
via "Tech Republic".
Data from ChatGPT Enterprise will not be used to train the popular chatbot. Plus, admins can manage access.π Read
via "Tech Republic".
TechRepublic
OpenAI Debuts ChatGPT Enterprise, Touting Better Privacy for Business
Data from ChatGPT Enterprise will not be used to train the popular chatbot. Plus, admins can manage access.
π΄ Here's What Your Breach Response Plan Might Be Missing π΄
π Read
via "Dark Reading".
The best way to withstand a data breach is to be prepared. Here are four elements that are easily overlooked in breach response plans.π Read
via "Dark Reading".
Dark Reading
Here's What Your Breach Response Plan Might Be Missing
The best way to withstand a data breach is to be prepared. Here are four elements that are easily overlooked in breach response plans.
π1
βΌ CVE-2023-40787 βΌ
π Read
via "National Vulnerability Database".
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.π Read
via "National Vulnerability Database".
π΄ Kroll's Crypto Breach Highlights SIM-Swapping Risk π΄
π Read
via "Dark Reading".
Information was exposed on hundreds of crypto-related bankruptcy claimants in proceedings involving FTX, Genesis, and BlockFI.π Read
via "Dark Reading".
Dark Reading
Kroll's Crypto Breach Highlights SIM-Swapping Risk
Information was exposed on hundreds of crypto-related bankruptcy claimants in proceedings involving FTX, Genesis, and BlockFI.
π¦Ώ Abnormal Security: Microsoft Tops List of Most-Impersonated Brands in Phishing Exploits π¦Ώ
π Read
via "Tech Republic".
A new study found that 4.31% of phishing attacks mimicked Microsoft, far ahead of the second most-spoofed brand PayPal.π Read
via "Tech Republic".
TechRepublic
Abnormal Security: Microsoft Tops List of Most-Impersonated Brands in Phishing Exploits
A new study from Abnormal found that 4.31% of phishing attacks mimicked Microsoft, far ahead of second most-spoofed brand PayPal.
β Momβs Meals issues βNotice of Data Eventβ: What to know and what to do β
π Read
via "Naked Security".
It took six months for notifications to start, and we still don't know exactly what went down... but here's our advice on what to do.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π Clam AntiVirus Toolkit 1.2.0 π
π Read
via "Packet Storm Security".
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Clam AntiVirus Toolkit 1.2.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π TOR Virtual Network Tunneling Tool 0.4.8.4 π
π Read
via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
TOR Virtual Network Tunneling Tool 0.4.8.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Addressing Cybersecurity's Talent Shortage & Its Impact on CISOs π΄
π Read
via "Dark Reading".
CISOs need to educate all arms of the business on security best practices so it becomes part of the business culture, thus expanding who's keeping watch. Automating routine tasks will help scale security. π Read
via "Dark Reading".
Dark Reading
Addressing Cybersecurity's Talent Shortage & Its Impact on CISOs
CISOs need to educate all arms of the business on security best practices so it becomes part of the business culture, thus expanding who's keeping watch. Automating routine tasks will help scale security.
π¦Ώ Google Applies Generative AI Tools to Cloud Security π¦Ώ
π Read
via "Tech Republic".
At the Google Next '23 conference, the company announced a slew of AI-powered cybersecurity solutions for the cloud, featuring Duet AI, Mandiant and Chronicle Security Operations.π Read
via "Tech Republic".
TechRepublic
Google Applies Generative AI Tools to Cloud Security
At the Google Next conference, Google announced AI-powered cybersecurity solutions for the cloud with Duet AI, Mandiant and Chronicle Security Operations.
βΌ CVE-2023-41376 βΌ
π Read
via "National Vulnerability Database".
Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38283 βΌ
π Read
via "National Vulnerability Database".
In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41037 βΌ
π Read
via "National Vulnerability Database".
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorithm used to compute the signature digest. OpenPGP.js up to v5.9.0 ignored any data preceding the "Hash: ..." texts when verifying the signature. As a result, malicious parties could add arbitrary text to a third-party Cleartext Signed Message, to lead the victim to believe that the arbitrary text was signed. A user or application is vulnerable to said attack vector if it verifies the CleartextMessage by only checking the returned `verified` property, discarding the associated `data` information, and instead _visually trusting_ the contents of the original message. Since `verificationResult.data` would always contain the actual signed data, users and apps that check this information are not vulnerable. Similarly, given a CleartextMessage object, retrieving the data using `getText()` or the `text` field returns only the contents that are considered when verifying the signature. Finally, re-armoring a CleartextMessage object (using `armor()` will also result in a "sanitised" version, with the extraneous text being removed. This issue has been addressed in version 5.10.1 (current stable version) which will reject messages when calling `openpgp.readCleartextMessage()` and in version 4.10.11 (legacy version) which will will reject messages when calling `openpgp.cleartext.readArmored()`. Users are advised to upgrade. Users unable to upgrade should check the contents of `verificationResult.data` to see what data was actually signed, rather than visually trusting the contents of the armored message.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38802 βΌ
π Read
via "National Vulnerability Database".
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).π Read
via "National Vulnerability Database".
βΌ CVE-2023-3646 βΌ
π Read
via "National Vulnerability Database".
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.π Read
via "National Vulnerability Database".