🕴 Why Identity Management Is the Key to Stopping APT Cyberattacks 🕴
via "Dark Reading".
Dark Reading News Desk: CrowdStrike's Adam Meyers talks China, Iran, Russia, and more in this expert dive into the current APT threat actor landscape.
‼ CVE-2023-38891 ‼
via "National Vulnerability Database".
SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php.
‼ CVE-2023-40869 ‼
via "National Vulnerability Database".
Cross Site Scripting vulnerability in mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary script in a victim's browser via a crafted payload to the edit_menu, copuon, and group_categorias functions.
‼ CVE-2023-40868 ‼
via "National Vulnerability Database".
Cross Site Request Forgery vulnerability in mooSocial Software v.Demo allows a remote attacker to trigger the Delete Account and Deactivate functions on behalf of an authenticated user who visits a crafted page.
‼ CVE-2022-47631 ‼
via "National Vulnerability Database".
Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if it detects malicious DLLs in this directory, attackers can exploit a race condition and replace a valid DLL (i.e., a copy of a legitimate Razer DLL) with a malicious DLL after the service has already checked the file. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.
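The race the advisory describes is a check-then-use gap: the service validates the DLL on disk, then loads whatever is on disk a moment later. The following Python simulation is an added example written for this digest; it is not Razer's code and does not load a real DLL. The file contents, the hash used as the "integrity check", and the `after_check` hook that stands in for an attacker winning the race are all constructed. It pairs the vulnerable pattern with the two-part fix the advisory implies: verify the bytes you actually hold, and refuse an install directory that other users can write to (POSIX mode bits stand in for the Windows directory ACL here).

```python
import hashlib
import os
import stat
import tempfile

# Constructed stand-ins for a known-good library and an attacker's replacement;
# the hash plays the role of the integrity check the service performs.
GOOD = b"legitimate vendor library v1"
EVIL = b"attacker-controlled payload"
GOOD_HASH = hashlib.sha256(GOOD).hexdigest()


class Tampered(Exception):
    """Raised when the file fails verification or its directory is shared."""


def check_then_load_unsafe(path, after_check=None):
    """Verify the file on disk, then open it again to 'load' it.

    The second open is where the race lives: anyone who can write to the
    directory swaps the file between the check and the load. `after_check`
    is a hook that stands in for the attacker winning that race.
    """
    with open(path, "rb") as f:
        if hashlib.sha256(f.read()).hexdigest() != GOOD_HASH:
            raise Tampered(path)
    if after_check:
        after_check()
    with open(path, "rb") as f:
        return f.read()  # whatever is on disk now is what gets used


def load_verified(path, after_check=None):
    """Read once, verify the bytes actually read, and use only those bytes.

    Also refuse a directory writable by group or others: an attacker-writable
    install path is the precondition the advisory's attack needs. POSIX mode
    bits are the analogue of the Windows directory ACL in this simulation.
    """
    parent = os.path.dirname(os.path.abspath(path))
    if os.stat(parent).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise Tampered(f"{parent} is writable by other users")
    with open(path, "rb") as f:
        data = f.read()
    if hashlib.sha256(data).hexdigest() != GOOD_HASH:
        raise Tampered(path)
    if after_check:
        after_check()  # a swap now cannot change the bytes already held
    return data


def _write(path, data):
    with open(path, "wb") as f:
        f.write(data)


def race_demo():
    """Run both loaders against the same swap; returns (unsafe_bytes, safe_bytes)."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o700)
        path = os.path.join(d, "plugin.dll")

        def swap():
            # Atomic rename, the same primitive a real replacement would use.
            tmp = path + ".tmp"
            _write(tmp, EVIL)
            os.replace(tmp, path)

        _write(path, GOOD)
        unsafe = check_then_load_unsafe(path, after_check=swap)
        _write(path, GOOD)
        safe = load_verified(path, after_check=swap)
        return unsafe, safe


def rejects_shared_dir():
    """True if load_verified refuses a world-writable directory even with a good file."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o777)
        path = os.path.join(d, "plugin.dll")
        _write(path, GOOD)
        try:
            load_verified(path)
        except Tampered:
            return True
        return False


if __name__ == "__main__":
    unsafe, safe = race_demo()
    print("check-then-load got:", unsafe)
    print("load-verified got:  ", safe)
    print("shared dir rejected:", rejects_shared_dir())
```

On Windows a DLL is loaded by path, not from an already-open handle, so the in-memory verification alone does not close the hole; the durable fix is the directory check, i.e. installing under a path where unprivileged users cannot create or replace files.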
‼ CVE-2023-42405 ‼
via "National Vulnerability Database".
SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary SQL via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list().
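A `sort` parameter is a classic injection point because an ORDER BY column cannot be passed as a bound parameter, so developers concatenate it. The following Python/sqlite3 block is an added example for this digest, not RackShift's code: the `task` and `secret` tables, their rows, and the function names are constructed. It shows the vulnerable listing, how the row order alone leaks data one bit per request, and the allowlist fix.

```python
import sqlite3

# Constructed sample data; table and column names are ours, not RackShift's schema.
TASKS = [
    ("task-1", "running", 10),
    ("task-2", "done", 5),
    ("task-3", "failed", 7),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE task (name TEXT, status TEXT, duration INTEGER)")
    conn.executemany("INSERT INTO task VALUES (?, ?, ?)", TASKS)
    # Something the listing endpoint should never be able to reach.
    conn.execute("CREATE TABLE secret (value TEXT)")
    conn.execute("INSERT INTO secret VALUES ('api-key-example')")
    conn.commit()
    return conn


def list_tasks_vulnerable(conn, sort):
    # ORDER BY cannot take a bound parameter for the column, so the tempting
    # shortcut is concatenation. That puts attacker text into the query.
    return conn.execute(
        "SELECT name, status, duration FROM task ORDER BY " + sort
    ).fetchall()


def secret_starts_with(conn, guess):
    """Blind inference through the sort expression (what an attacker does).

    If the guess matches, the CASE sorts by name (task-1 first); otherwise
    by status (task-2, 'done', first). No data is returned directly; the row
    order leaks one bit per request.
    """
    payload = (
        "(CASE WHEN (SELECT value FROM secret) LIKE '" + guess + "%' "
        "THEN name ELSE status END)"
    )
    rows = list_tasks_vulnerable(conn, payload)
    return rows[0][0] == "task-1"


# The fix: map the request value onto a fixed set of identifiers.
SORTABLE = {"name": "name", "status": "status", "duration": "duration"}


def list_tasks_safe(conn, sort, direction="ASC"):
    column = SORTABLE.get(sort)
    if column is None:
        raise ValueError(f"unsupported sort column: {sort!r}")
    direction = direction.upper()
    if direction not in ("ASC", "DESC"):
        raise ValueError(f"unsupported direction: {direction!r}")
    # Only values from our own allowlist ever reach the SQL string.
    return conn.execute(
        f"SELECT name, status, duration FROM task ORDER BY {column} {direction}"
    ).fetchall()


def is_rejected(conn, sort):
    """True if the hardened listing refuses this sort value."""
    try:
        list_tasks_safe(conn, sort)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    conn = make_db()
    print("secret starts with 'api'?", secret_starts_with(conn, "api"))
    print("safe listing:", list_tasks_safe(conn, "duration"))
    print("payload rejected:", is_rejected(conn, "(SELECT value FROM secret)"))
```

The same allowlist idiom applies to any identifier position (column, table, direction, LIMIT) where bind parameters are not available; escaping the value is not a substitute.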
‼ CVE-2023-41592 ‼
via "National Vulnerability Database".
Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability.
‼ CVE-2023-39638 ‼
via "National Vulnerability Database".
D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 were discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin.
‼ CVE-2023-36657 ‼
via "National Vulnerability Database".
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.
‼ CVE-2023-36658 ‼
via "National Vulnerability Database".
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally.
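An unquoted service path is exploitable because, when the ImagePath contains spaces and no quotes, the Service Control Manager tries each space-delimited prefix as an executable before reaching the intended one. The Python block below is an added example for this digest, not OPSWAT's code or tooling; the service names and ImagePath values are constructed. It enumerates, in the order Windows tries them, the file names an attacker would need to be able to create.

```python
import re

# Constructed sample of service ImagePath values as stored under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath. Names are illustrative.
SAMPLE_SERVICES = {
    "GoodSvc": '"C:\\Program Files\\Vendor\\Good Service\\goodsvc.exe" --run',
    "KioskSvc": "C:\\Program Files\\Kiosk Vendor\\Kiosk Service\\kiosk.exe -service",
    "NoSpaceSvc": "C:\\Vendor\\svc.exe",
    "SysSvc": "C:\\Windows\\system32\\svchost.exe -k netsvcs",
}

# The executable ends at the first '.exe' followed by whitespace or end of string.
EXE_RE = re.compile(r"^(.*?\.exe)(?:\s|$)", re.IGNORECASE)


def hijack_candidates(image_path):
    """Executables the Service Control Manager may run before the intended one.

    For an unquoted path with spaces, CreateProcess tries each prefix that ends
    at a space as "<prefix>.exe" with the remainder as arguments, so
    C:\\Program Files\\A B\\c.exe also matches C:\\Program.exe and
    C:\\Program Files\\A.exe. Returned in the order Windows tries them.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []  # quoted: the executable is unambiguous
    m = EXE_RE.match(path)
    exe = m.group(1) if m else path  # no .exe: treat the whole string as the binary
    parts = exe.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def find_unquoted_services(services):
    """Map service name -> hijack candidates, for services that have any."""
    return {
        name: cands
        for name, path in services.items()
        if (cands := hijack_candidates(path))
    }


if __name__ == "__main__":
    for name, cands in find_unquoted_services(SAMPLE_SERVICES).items():
        print(name)
        for c in cands:
            print("   ", c)
```

On a live host the input comes from `Get-CimInstance Win32_Service` (the `PathName` property) or from the registry. A candidate is only a real escalation path if an unprivileged user can create that file, so each one still needs an ACL check (`icacls` on the parent directory); `C:\Program.exe`, for instance, is usually not creatable by standard users on a default install.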
‼ CVE-2023-32461 ‼
via "National Vulnerability Database".
Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability to corrupt memory and potentially escalate privileges.
‼ CVE-2023-3378 ‼
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
‼ CVE-2023-4231 ‼
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection. This issue affects Online Payment System: before 4.09.
‼ CVE-2023-36659 ‼
via "National Vulnerability Database".
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication).
🕴 How to Mitigate Cybersecurity Risks From Misguided Trust 🕴
via "Dark Reading".
Trust is the crucial bridge between security and people, but excessive or misguided trust can pose serious security risks.
‼ CVE-2022-3466 ‼
via "National Vulnerability Database".
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.
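Why a non-empty process inheritable set matters: on execve(2) the new permitted set is computed from the intersection of the process inheritable set and the file's inheritable capabilities, plus the file's permitted capabilities bounded by the bounding set (the rules in capabilities(7)). The Python block below is an added example for this digest, not cri-o or OpenShift code; it models those rules with bitmasks and two constructed container processes, one started with capabilities left in the inheritable set (the regressed behaviour) and one with an empty inheritable set. Capability numbers follow <linux/capability.h>.

```python
# Capability numbers as in <linux/capability.h>; only the ones used here.
CAP_DAC_OVERRIDE = 1
CAP_NET_BIND_SERVICE = 10
CAP_NET_RAW = 13
CAP_SYS_ADMIN = 21
ALL_CAPS = (1 << 41) - 1  # bounding set with every bit through CAP_CHECKPOINT_RESTORE (40)


def mask(*caps):
    m = 0
    for c in caps:
        m |= 1 << c
    return m


def has_cap(m, cap):
    return bool(m & (1 << cap))


def execve_transform(proc, file):
    """Apply the capabilities(7) execve rules for a non-root process.

    proc: {'permitted', 'inheritable', 'bounding', 'ambient'} as bitmasks
    file: {'permitted', 'inheritable'} bitmasks plus an 'effective' flag (the +e)
    """
    f_prm, f_inh = file["permitted"], file["inheritable"]
    # A file that carries capabilities is 'privileged': ambient caps are dropped.
    privileged = bool(f_prm or f_inh)
    new_amb = 0 if privileged else proc["ambient"]
    new_prm = (proc["inheritable"] & f_inh) | (f_prm & proc["bounding"]) | new_amb
    new_eff = new_prm if file["effective"] else new_amb
    return {
        "permitted": new_prm,
        "effective": new_eff,
        "inheritable": proc["inheritable"],  # unchanged by execve
        "bounding": proc["bounding"],
        "ambient": new_amb,
    }


# Constructed container processes. Neither has anything in its permitted set
# (an unprivileged in-container user). The regressed runtime leaves caps in
# the inheritable set; the fixed one starts the process with it empty.
PROC_BUGGY = {
    "permitted": 0,
    "inheritable": mask(CAP_SYS_ADMIN, CAP_NET_BIND_SERVICE),
    "bounding": ALL_CAPS,
    "ambient": 0,
}
PROC_FIXED = {"permitted": 0, "inheritable": 0, "bounding": ALL_CAPS, "ambient": 0}

# A binary with file inheritable capabilities, e.g. `setcap cap_sys_admin+ei ./tool`.
FILE_INHERITABLE = {"permitted": 0, "inheritable": mask(CAP_SYS_ADMIN), "effective": True}
# A binary with file permitted capabilities, e.g. `setcap cap_net_raw+ep ./ping`.
FILE_PERMITTED = {"permitted": mask(CAP_NET_RAW), "inheritable": 0, "effective": True}


def gained_caps(proc, file):
    """Capability numbers in the new permitted set that the process lacked before."""
    new = execve_transform(proc, file)["permitted"]
    return [c for c in range(41) if has_cap(new, c) and not has_cap(proc["permitted"], c)]


if __name__ == "__main__":
    print("buggy runtime, +i file:", gained_caps(PROC_BUGGY, FILE_INHERITABLE))
    print("fixed runtime, +i file:", gained_caps(PROC_FIXED, FILE_INHERITABLE))
    print("either runtime, +p file:", gained_caps(PROC_FIXED, FILE_PERMITTED))
```

The model shows the two distinct paths: file permitted capabilities (`+p`) are granted regardless of the process inheritable set, which is why `ping`-style binaries work for everyone, whereas file inheritable capabilities (`+i`) only turn into permitted capabilities when the process already carries them in its inheritable set. To look for the precondition on a real system, inspect `CapInh` in /proc/<pid>/status (decode with `capsh --decode=<hex>`) and list files carrying inheritable bits with `getcap -r / 2>/dev/null`.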
‼ CVE-2023-42270 ‼
via "National Vulnerability Database".
Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF).
🕴 Microsoft: 'Peach Sandstorm' Cyberattacks Target Defense, Pharmaceutical Orgs 🕴
via "Dark Reading".
For months, the Iran-backed APT has carried out waves of password spray attacks attempting to authenticate to thousands of environments across multiple targets worldwide.
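Password spraying inverts brute force: one or two guesses against many accounts, which stays under per-account lockout thresholds and is invisible to detections keyed on a single user. The Python block below is an added example for this digest, not Microsoft's or any vendor's detection logic; the log format and the sign-in events are constructed. It flags a source that touches many distinct accounts with few attempts each inside a sliding time window, and reports any account where the spray landed a success.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events in a made-up key=value format (not a real product's schema).
# 203.0.113.5 sprays six accounts once each; 198.51.100.7 brute-forces one account;
# 192.0.2.9 is a user who mistyped once.
SAMPLE_LOG = """\
2023-09-14T10:00:01Z src=203.0.113.5 user=alice result=FAIL
2023-09-14T10:00:03Z src=203.0.113.5 user=bob result=FAIL
2023-09-14T10:00:05Z src=203.0.113.5 user=carol result=FAIL
2023-09-14T10:00:07Z src=203.0.113.5 user=dave result=FAIL
2023-09-14T10:00:09Z src=203.0.113.5 user=erin result=FAIL
2023-09-14T10:00:11Z src=203.0.113.5 user=frank result=SUCCESS
2023-09-14T10:02:00Z src=198.51.100.7 user=alice result=FAIL
2023-09-14T10:02:01Z src=198.51.100.7 user=alice result=FAIL
2023-09-14T10:02:02Z src=198.51.100.7 user=alice result=FAIL
2023-09-14T10:02:03Z src=198.51.100.7 user=alice result=FAIL
2023-09-14T10:02:04Z src=198.51.100.7 user=alice result=FAIL
2023-09-14T10:02:05Z src=198.51.100.7 user=alice result=FAIL
2023-09-14T10:05:00Z src=192.0.2.9 user=grace result=FAIL
2023-09-14T10:05:20Z src=192.0.2.9 user=grace result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_events(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real pipeline would count unparsed lines rather than drop them
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag sources that touch many distinct accounts with few attempts each.

    Brute force is one account, many attempts; a spray is many accounts, one or
    two attempts each. The sliding window keeps a slow spray from being diluted
    by daily totals. Returns {src: summary of the widest matching window}.
    """
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start, best = 0, None
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            chunk = evs[start : end + 1]
            per_user = defaultdict(int)
            for e in chunk:
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                if best is None or len(per_user) > best["users"]:
                    best = {
                        "users": len(per_user),
                        "attempts": len(chunk),
                        "first": chunk[0]["ts"],
                        "last": chunk[-1]["ts"],
                        "successes": [e["user"] for e in chunk if e["result"] == "SUCCESS"],
                    }
        if best:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, hit in detect_spray(parse_events(SAMPLE_LOG)).items():
        print(src, hit)
```

Keying on the source address is the simplest grouping; a spray distributed across many proxies needs the same logic keyed on something else (user agent, ASN, or the password-hash-independent "same wrong password" signal some identity providers expose). The `successes` list is what drives response: those accounts need a credential reset and a session review, not just a block on the source.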
🕴 Greater Manchester Police Hack Follows Third-Party Supplier Fumble 🕴
via "Dark Reading".
This incident bears notable resemblance to an attack that occurred just last month affecting London's Metropolitan Police, raising concerns over UK cybersecurity safeguards for public safety.
‼ CVE-2023-28614 ‼
via "National Vulnerability Database".
Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page.
‼ CVE-2022-47848 ‼
via "National Vulnerability Database".
An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09.13.01 and Vtech IAD604-IL versions BZ_2.02.07.09.13.01, BZ_2.02.07.09.13T, and BZ_2.02.07.09.09T that allows remote attackers to obtain sensitive information via the rootDesc.xml page of the UPnP service.