‼ CVE-2023-39076 ‼
📖 Read
via "National Vulnerability Database".
Injecting random data into the USB memory area on a General Motors (GM) Chevrolet Equinox 2021 Software. 2021.03.26 (build version) vehicle causes a Denial of Service (DoS) in the in-car infotainment system.📖 Read
via "National Vulnerability Database".
🕴 3 Strategies to Defend Against Resurging Infostealers 🕴
📖 Read
via "Dark Reading".
Infostealer incidents have more than doubled recently, making it critical to bolster your defenses to mitigate this growing threat.📖 Read
via "Dark Reading".
Dark Reading
3 Strategies to Defend Against Resurging Infostealers
Infostealer incidents have more than doubled recently, making it critical to bolster your defenses to mitigate this growing threat.
🕴 Kenya Initiates Public Sector Digital Skills Training, No Mention of Cybersecurity 🕴
📖 Read
via "Dark Reading".
Training will cover cloud skills and working in a paperless environment, but any mention of a cybersecurity element is conspicuously lacking.📖 Read
via "Dark Reading".
Dark Reading
Kenya Initiates Public Sector Digital Skills Training, No Mention of Cybersecurity
Training will cover cloud skills and working in a paperless environment, but any mention of a cybersecurity element is conspicuously lacking.
🦿 Cisco: Booming identity market driven by leadership awareness 🦿
📖 Read
via "Tech Republic".
A new study by Cisco Investments with venture capital firms finds that most CISOs find complexity of tools, number of solutions and users, and even jargon a barrier to zero trust.📖 Read
via "Tech Republic".
TechRepublic
Cisco: Booming identity market driven by leadership awareness
A new study by Cisco Investments with venture capital firms finds that the complexity of most CISOs is a barrier to zero trust.
‼ CVE-2023-39320 ‼
📖 Read
via "National Vulnerability Database".
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4843 ‼
📖 Read
via "National Vulnerability Database".
Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39319 ‼
📖 Read
via "National Vulnerability Database".
The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39321 ‼
📖 Read
via "National Vulnerability Database".
Processing an incomplete post-handshake message for a QUIC connection can cause a panic.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39322 ‼
📖 Read
via "National Vulnerability Database".
QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39318 ‼
📖 Read
via "National Vulnerability Database".
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.📖 Read
via "National Vulnerability Database".
🕴 'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users 🕴
📖 Read
via "Dark Reading".
Legitimate-seeming Telegram "mods" available in the official Google Play store for the encrypted messaging app signal the rise of a new enterprise threat.📖 Read
via "Dark Reading".
Dark Reading
'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users
Legitimate-seeming Telegram "mods" available in the official Google Play store for the encrypted messaging app signal the rise of a new enterprise threat.
🕴 Critical Security Bug Opens Cisco BroadWorks to Complete Takeover 🕴
📖 Read
via "Dark Reading".
Cyberattackers could exploit CVE-2023-20238 to carry out a variety of nefarious deeds, from data theft and code execution to phishing, fraud, and DoS.📖 Read
via "Dark Reading".
Dark Reading
Critical Security Bug Opens Cisco BroadWorks to Complete Takeover
Cyberattackers could exploit CVE-2023-20238 to carry out a variety of nefarious deeds, from data theft and code execution to phishing, fraud, and DoS.
🦿 Australian Data Breach Costs are Rising — What Can IT Leaders Do? 🦿
📖 Read
via "Tech Republic".
Australian data breach costs have jumped over the last five years to $2.57 million USD, according to IBM. Prioritizing DevSecOps and incident response planning can help IT leaders minimize the financial risk.📖 Read
via "Tech Republic".
TechRepublic
Australian Data Breach Costs are Rising — What Can IT Leaders Do?
Prioritizing DevSecOps and incident response planning can help Australian IT leaders minimize the financial risk of a data breach.
‼ CVE-2023-41578 ‼
📖 Read
via "National Vulnerability Database".
Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38736 ‼
📖 Read
via "National Vulnerability Database".
IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM permissions. IBM X-Force ID: 262542.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-28010 ‼
📖 Read
via "National Vulnerability Database".
In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41575 ‼
📖 Read
via "National Vulnerability Database".
Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-42268 ‼
📖 Read
via "National Vulnerability Database".
Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41338 ‼
📖 Read
via "National Vulnerability Database".
Fiber is an Express inspired web framework built in the go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the `ctx.IsFromLocal` method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost. Setting `X-Forwarded-For: 127.0.0.1` in a request from a foreign host, will result in true for `ctx.IsFromLocal`. Access is limited to the scope of the affected process. This issue has been patched in version `2.49.2` with commit `b8c9ede6`. Users are advised to upgrade. There are no known workarounds to remediate this vulnerability without upgrading to the patched version.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4782 ‼
📖 Read
via "National Vulnerability Database".
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39712 ‼
📖 Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section.📖 Read
via "National Vulnerability Database".
❤1