βΌ CVE-2023-41363 βΌ
π Read
via "National Vulnerability Database".
In Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.π Read
via "National Vulnerability Database".
π¦Ώ OpenAI Debuts ChatGPT Enterprise, Touting Better Privacy for Business π¦Ώ
π Read
via "Tech Republic".
Data from ChatGPT Enterprise will not be used to train the popular chatbot. Plus, admins can manage access.π Read
via "Tech Republic".
TechRepublic
OpenAI Debuts ChatGPT Enterprise, Touting Better Privacy for Business
Data from ChatGPT Enterprise will not be used to train the popular chatbot. Plus, admins can manage access.
π΄ Here's What Your Breach Response Plan Might Be Missing π΄
π Read
via "Dark Reading".
The best way to withstand a data breach is to be prepared. Here are four elements that are easily overlooked in breach response plans.π Read
via "Dark Reading".
Dark Reading
Here's What Your Breach Response Plan Might Be Missing
The best way to withstand a data breach is to be prepared. Here are four elements that are easily overlooked in breach response plans.
π1
βΌ CVE-2023-40787 βΌ
π Read
via "National Vulnerability Database".
In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.π Read
via "National Vulnerability Database".
π΄ Kroll's Crypto Breach Highlights SIM-Swapping Risk π΄
π Read
via "Dark Reading".
Information was exposed on hundreds of crypto-related bankruptcy claimants in proceedings involving FTX, Genesis, and BlockFI.π Read
via "Dark Reading".
Dark Reading
Kroll's Crypto Breach Highlights SIM-Swapping Risk
Information was exposed on hundreds of crypto-related bankruptcy claimants in proceedings involving FTX, Genesis, and BlockFI.
π¦Ώ Abnormal Security: Microsoft Tops List of Most-Impersonated Brands in Phishing Exploits π¦Ώ
π Read
via "Tech Republic".
A new study found that 4.31% of phishing attacks mimicked Microsoft, far ahead of the second most-spoofed brand PayPal.π Read
via "Tech Republic".
TechRepublic
Abnormal Security: Microsoft Tops List of Most-Impersonated Brands in Phishing Exploits
A new study from Abnormal found that 4.31% of phishing attacks mimicked Microsoft, far ahead of second most-spoofed brand PayPal.
β Momβs Meals issues βNotice of Data Eventβ: What to know and what to do β
π Read
via "Naked Security".
It took six months for notifications to start, and we still don't know exactly what went down... but here's our advice on what to do.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π Clam AntiVirus Toolkit 1.2.0 π
π Read
via "Packet Storm Security".
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Clam AntiVirus Toolkit 1.2.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π TOR Virtual Network Tunneling Tool 0.4.8.4 π
π Read
via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
TOR Virtual Network Tunneling Tool 0.4.8.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Addressing Cybersecurity's Talent Shortage & Its Impact on CISOs π΄
π Read
via "Dark Reading".
CISOs need to educate all arms of the business on security best practices so it becomes part of the business culture, thus expanding who's keeping watch. Automating routine tasks will help scale security. π Read
via "Dark Reading".
Dark Reading
Addressing Cybersecurity's Talent Shortage & Its Impact on CISOs
CISOs need to educate all arms of the business on security best practices so it becomes part of the business culture, thus expanding who's keeping watch. Automating routine tasks will help scale security.
π¦Ώ Google Applies Generative AI Tools to Cloud Security π¦Ώ
π Read
via "Tech Republic".
At the Google Next '23 conference, the company announced a slew of AI-powered cybersecurity solutions for the cloud, featuring Duet AI, Mandiant and Chronicle Security Operations.π Read
via "Tech Republic".
TechRepublic
Google Applies Generative AI Tools to Cloud Security
At the Google Next conference, Google announced AI-powered cybersecurity solutions for the cloud with Duet AI, Mandiant and Chronicle Security Operations.
βΌ CVE-2023-41376 βΌ
π Read
via "National Vulnerability Database".
Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38283 βΌ
π Read
via "National Vulnerability Database".
In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41037 βΌ
π Read
via "National Vulnerability Database".
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorithm used to compute the signature digest. OpenPGP.js up to v5.9.0 ignored any data preceding the "Hash: ..." texts when verifying the signature. As a result, malicious parties could add arbitrary text to a third-party Cleartext Signed Message, to lead the victim to believe that the arbitrary text was signed. A user or application is vulnerable to said attack vector if it verifies the CleartextMessage by only checking the returned `verified` property, discarding the associated `data` information, and instead _visually trusting_ the contents of the original message. Since `verificationResult.data` would always contain the actual signed data, users and apps that check this information are not vulnerable. Similarly, given a CleartextMessage object, retrieving the data using `getText()` or the `text` field returns only the contents that are considered when verifying the signature. Finally, re-armoring a CleartextMessage object (using `armor()` will also result in a "sanitised" version, with the extraneous text being removed. This issue has been addressed in version 5.10.1 (current stable version) which will reject messages when calling `openpgp.readCleartextMessage()` and in version 4.10.11 (legacy version) which will will reject messages when calling `openpgp.cleartext.readArmored()`. Users are advised to upgrade. Users unable to upgrade should check the contents of `verificationResult.data` to see what data was actually signed, rather than visually trusting the contents of the armored message.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38802 βΌ
π Read
via "National Vulnerability Database".
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).π Read
via "National Vulnerability Database".
βΌ CVE-2023-3646 βΌ
π Read
via "National Vulnerability Database".
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39616 βΌ
π Read
via "National Vulnerability Database".
AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24548 βΌ
π Read
via "National Vulnerability Database".
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39615 βΌ
π Read
via "National Vulnerability Database".
Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40889 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41362 βΌ
π Read
via "National Vulnerability Database".
MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.π Read
via "National Vulnerability Database".