βΌ CVE-2023-4814 βΌ
π Read
via "National Vulnerability Database".
A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38204 βΌ
π Read
via "National Vulnerability Database".
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38206 βΌ
π Read
via "National Vulnerability Database".
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints resulting in a low-confidentiality impact. Exploitation of this issue does not require user interaction.π Read
via "National Vulnerability Database".
π’ Dutch football association admits paying LockBit in βApril Foolsβ ransomware attack π’
π Read
via "ITPro".
The national governing body offered a rare candid account of the ransomware attack, the full scale of which is still unknown π Read
via "ITPro".
ITPro
Dutch football association admits paying LockBit in βApril Foolsβ ransomware attack
The national governing body offered a rare candid account of the ransomware attack, the full scale of which is still unknown
βΌ CVE-2023-38557 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38558 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems.π Read
via "National Vulnerability Database".
π΄ 'Scattered Spider' Behind MGM Cyberattack, Targets Casinos π΄
π Read
via "Dark Reading".
The ransomware group is a collection of young adults, and also recently breached Caesars Entertainment and made a ransom score in the tens of millions range.π Read
via "Dark Reading".
Dark Reading
'Scattered Spider' Behind MGM Cyberattack, Targets Casinos
The ransomware group is a collection of young adults who also recently breached Caesars Entertainment and made a ransom score in the tens of millions.
π¦Ώ Conversational AI Company Uniphore Leverages Red Box Acquisition for New Data Collection Tool π¦Ώ
π Read
via "Tech Republic".
Red Box provides the open architecture for data capture. Uniphore then feeds that data into U-Capture, its conversational AI automation tool.π Read
via "Tech Republic".
TechRepublic
Conversational AI Company Uniphore Leverages Red Box Acquisition for New Data Collection Tool
Red Box provides the open architecture for data capture. Uniphore then feeds that data into U-Capture, its conversational AI automation tool.
π΄ Professional Sports: The Next Frontier of Cybersecurity? π΄
π Read
via "Dark Reading".
Sports teams, major leagues, global sporting associations, and entertainment venues are all home to valuable personal and business data. Here's how to keep them safe. π Read
via "Dark Reading".
Dark Reading
Professional Sports: The Next Frontier of Cybersecurity?
Sports teams, major leagues, global sporting associations, and entertainment venues are all home to valuable personal and business data. Here's how to keep them safe.
π Suricata IDPE 7.0.1 π
π Read
via "Packet Storm Security".
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.π Read
via "Packet Storm Security".
Packetstormsecurity
Suricata IDPE 7.0.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π1
π΄ Cybersecurity and Compliance in the Age of AI π΄
π Read
via "Dark Reading".
It takes a diverse village of experts to enact effective cybersecurity guidelines, practices, and processes.π Read
via "Dark Reading".
Dark Reading
Cybersecurity and Compliance in the Age of AI
It takes a diverse village of experts to enact effective cybersecurity guidelines, practices, and processes.
βΌ CVE-2023-2848 βΌ
π Read
via "National Vulnerability Database".
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation.π Read
via "National Vulnerability Database".
π΄ Mideast Retailers Dogged by Scam Facebook Pages Offering 'Investment' Opportunities π΄
π Read
via "Dark Reading".
Around 900 pages were identified as using Arabic language and familiar brand names to snare users and steal their money and personal details β presenting big brand protection issues for retailers.π Read
via "Dark Reading".
Dark Reading
Mideast Retailers Dogged by Scam Facebook Pages Offering 'Investment' Opportunities
Around 900 pages were identified as using Arabic language and familiar brand names to snare users and steal their money and personal details β presenting big brand protection issues for retailers.
βΌ CVE-2023-30909 βΌ
π Read
via "National Vulnerability Database".
A remote authentication bypass issue exists in someOneView APIs.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28485 βΌ
π Read
via "National Vulnerability Database".
Ericsson Mobile Switching Center Server (MSC-S) BC 18A and IS 3.1 releases before IS 3.1 CP22 allows Directory Traversal.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1108 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.π Read
via "National Vulnerability Database".
π΄ How to Transform Security Awareness Into Security Culture π΄
π Read
via "Dark Reading".
Leverage the human layer as a crucial cog in building cyber resilience within the organization.π Read
via "Dark Reading".
Dark Reading
How to Transform Security Awareness Into Security Culture
Leverage the human layer as a crucial cog in building cyber resilience within the organization.
π΄ Stealer Thugs Behind RedLine & Vidar Pivot to Ransomware π΄
π Read
via "Dark Reading".
In a notable shift in strategy, the threat actors are abusing code-signing certificates to spread a double whammy of infostealers and ransomware payloads.π Read
via "Dark Reading".
Dark Reading
Stealer Thugs Behind RedLine & Vidar Pivot to Ransomware
In a notable shift in strategy, the threat actors are abusing code-signing certificates to spread a double whammy of infostealers and ransomware payloads.
βΌ CVE-2023-42178 βΌ
π Read
via "National Vulnerability Database".
Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36250 βΌ
π Read
via "National Vulnerability Database".
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-42180 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file.π Read
via "National Vulnerability Database".