‼ CVE-2022-30638 ‼
via "National Vulnerability Database".
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-30644 ‼
via "National Vulnerability Database".
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-44195 ‼
via "National Vulnerability Database".
Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-30646 ‼
via "National Vulnerability Database".
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-30640 ‼
via "National Vulnerability Database".
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2021-44193 ‼
via "National Vulnerability Database".
Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2022-30641 ‼
via "National Vulnerability Database".
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
🔴 How New SEC Rules Can Benefit Cybersecurity Teams 🔴
via "Dark Reading".
Securities and Exchange Commission rules elevate cybersecurity to a critical strategic concern and compel businesses to prioritize cyber resilience.
‼ CVE-2023-40060 ‼
via "National Vulnerability Database".
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1.
‼ CVE-2023-30800 ‼
via "National Vulnerability Database".
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.
🔴 Weaponized Windows Installers Target Graphic Designers in Crypto Heist 🔴
via "Dark Reading".
Attackers use legitimate Windows installer to hide malicious scripts that install a backdoor and miners that leverage victims' graphics processing power.
🦿 Patch 'Em or Weep: Study Reveals Most Vulnerable IoT, Connected Assets 🦿
via "Tech Republic".
Phones, tablets and workstations with unpatched CVEs are a clear and present danger. New Armis study lists the most vulnerable.
🔴 NFL Security Chief: Generative AI Threats a Concern as New Season Kicks Off 🔴
via "Dark Reading".
Deepfake videos and audio of NFL players and phishing communications via ChatGPT-like tools are a worry, the NFL's CISO says.
🔴 Rwanda Launches Smart City Investment Program 🔴
via "Dark Reading".
The ambitious move by the nation also comes with cybersecurity risks.
‼ CVE-2023-41064 ‼
via "National Vulnerability Database".
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
‼ CVE-2023-41061 ‼
via "National Vulnerability Database".
A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
‼ CVE-2023-4528 ‼
via "National Vulnerability Database".
Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface.
‼ CVE-2023-4685 ‼
via "National Vulnerability Database".
Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code.
‼ CVE-2023-37798 ‼
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
🔴 Apple Hit By 2 No-Click Zero-Days in Blastpass Exploit Chain 🔴
via "Dark Reading".
Researchers at Citizen Lab recommend immediately updating any iPhones and iPads to the latest OSes.
🔴 North Korean Hackers Target Security Researchers - Again 🔴
via "Dark Reading".
This time, they're creating elaborate impostor profiles and using a fresh zero-day and a fake Windows tool to lure in the suspecting.