CVE-2023-36659
via "National Vulnerability Database".
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication).
How to Mitigate Cybersecurity Risks From Misguided Trust
via "Dark Reading".
Trust is the crucial bridge between security and people, but excessive or misguided trust can pose serious security risks.
CVE-2022-3466
via "National Vulnerability Database".
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.
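The entry above turns on one kernel rule: on execve(2), a file's inheritable capabilities reach the new program's permitted set only where they intersect the calling process's own inheritable set, so a container runtime that leaves that set populated for an unprivileged process hands file-capable binaries a privilege path. The following is an added illustration, not code from cri-o, Red Hat or the kernel: it models the transformation from capabilities(7) for a non-root process (root and set-user-ID-root binaries have extra rules that are left out), with constructed bounding, inheritable and file capability sets; the names BUGGY_PROC and FIXED_PROC are this example's own labels for "inheritable set left populated" versus "inheritable set empty".

```python
# Added illustration, not code from cri-o, Red Hat or the Linux kernel: a
# bitmask model of the capability transformation the kernel applies on
# execve(2) for a non-root process (capabilities(7), "Transformation of
# capabilities during execve()"). Root and set-user-ID-root binaries follow
# extra rules that are left out here.
from dataclasses import dataclass

# Bit positions as in <linux/capability.h>.
CAP_CHOWN = 1 << 0
CAP_DAC_OVERRIDE = 1 << 1
CAP_NET_BIND_SERVICE = 1 << 10
CAP_NET_RAW = 1 << 13
CAP_SYS_ADMIN = 1 << 21

CAP_NAMES = {
    CAP_CHOWN: "cap_chown",
    CAP_DAC_OVERRIDE: "cap_dac_override",
    CAP_NET_BIND_SERVICE: "cap_net_bind_service",
    CAP_NET_RAW: "cap_net_raw",
    CAP_SYS_ADMIN: "cap_sys_admin",
}


@dataclass(frozen=True)
class ProcCaps:
    """Process (thread) capability sets before or after execve."""
    permitted: int
    effective: int
    inheritable: int
    bounding: int
    ambient: int = 0


@dataclass(frozen=True)
class FileCaps:
    """File capability sets as stored in the security.capability xattr."""
    permitted: int = 0
    inheritable: int = 0
    effective: bool = False  # the single "effective" flag of file caps


def execve_caps(proc: ProcCaps, fcaps: FileCaps) -> ProcCaps:
    """Capability sets of the new program image after execve(2)."""
    # A binary carrying any file capabilities is "privileged"; executing one
    # clears the ambient set.
    privileged = fcaps.permitted != 0 or fcaps.inheritable != 0
    new_ambient = 0 if privileged else proc.ambient
    # P'(permitted) = (P(inheritable) & F(inheritable))
    #               | (F(permitted) & P(bounding)) | P'(ambient)
    new_permitted = ((proc.inheritable & fcaps.inheritable)
                     | (fcaps.permitted & proc.bounding)
                     | new_ambient)
    # P'(effective) = F(effective) ? P'(permitted) : P'(ambient)
    new_effective = new_permitted if fcaps.effective else new_ambient
    # Inheritable and bounding sets are carried over unchanged.
    return ProcCaps(permitted=new_permitted, effective=new_effective,
                    inheritable=proc.inheritable, bounding=proc.bounding,
                    ambient=new_ambient)


def cap_names(mask: int) -> list[str]:
    return [name for bit, name in CAP_NAMES.items() if mask & bit]


# Constructed sample values. The bounding set is a plausible container default;
# the file carries cap_net_raw,cap_sys_admin in its inheritable set with the
# effective flag on (roughly `setcap cap_net_raw,cap_sys_admin+ie`).
CONTAINER_BOUNDING = (CAP_CHOWN | CAP_DAC_OVERRIDE | CAP_NET_BIND_SERVICE
                      | CAP_NET_RAW | CAP_SYS_ADMIN)
FCAP_BINARY = FileCaps(inheritable=CAP_NET_RAW | CAP_SYS_ADMIN, effective=True)

# Unprivileged process whose inheritable set was left populated (the condition
# under which file inheritable caps reach permitted, as the entry describes)
# versus the same process with an empty inheritable set.
BUGGY_PROC = ProcCaps(permitted=0, effective=0,
                      inheritable=CAP_NET_RAW | CAP_SYS_ADMIN,
                      bounding=CONTAINER_BOUNDING)
FIXED_PROC = ProcCaps(permitted=0, effective=0, inheritable=0,
                      bounding=CONTAINER_BOUNDING)


def gained_permitted(proc: ProcCaps, fcaps: FileCaps) -> list[str]:
    """Capabilities the new image holds in permitted that the caller did not."""
    after = execve_caps(proc, fcaps)
    return cap_names(after.permitted & ~proc.permitted)


if __name__ == "__main__":
    print("inheritable populated:", gained_permitted(BUGGY_PROC, FCAP_BINARY))
    print("inheritable empty    :", gained_permitted(FIXED_PROC, FCAP_BINARY))
```

The practical check on a running container is `grep Cap /proc/self/status` (CapInh should be 0 for an unprivileged container process) and `getcap -r /` for binaries whose file inheritable set is non-empty; with both populated, the formula above is what execve applies.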
CVE-2023-42270
via "National Vulnerability Database".
Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF).
Microsoft: 'Peach Sandstorm' Cyberattacks Target Defense, Pharmaceutical Orgs
via "Dark Reading".
For months, the Iran-backed APT has carried out waves of password spray attacks attempting to authenticate to thousands of environments across multiple targets worldwide.
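Password spraying, the technique in the entry above, tries a few passwords against many accounts so that no single account trips a lockout threshold; the detectable signal is therefore one source failing against many distinct usernames in a short window, not many failures against one username. The following is an added example of that detection logic, not Microsoft's or Dark Reading's; the log format, the source addresses and the events are constructed for the example, and the window and user-count thresholds are arbitrary starting points.

```python
# Added example, not Microsoft's or Dark Reading's detection logic: a small
# password-spray detector over authentication events. The log format and the
# events below are constructed for this example.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>SUCCESS|FAIL)$"
)


def parse_line(line: str):
    """(timestamp, source, user, result) or None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["src"], m["user"], m["result"]


def detect_password_spray(lines, window=timedelta(minutes=10), min_users=5):
    """Map each flagged source to the distinct accounts it failed against.
    A source is flagged when, inside some `window`, its failed logins cover at
    least `min_users` different usernames. A brute force against one account
    never meets this condition, which is the point of a separate spray rule."""
    failures = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev[3] == "FAIL":
            failures[ev[1]].append((ev[0], ev[2]))
    alerts = {}
    for src, events in failures.items():
        events.sort()  # the sliding window needs time order
        flagged = set()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                flagged |= users
        if flagged:
            alerts[src] = sorted(flagged)
    return alerts


def spray_successes(lines, alerts):
    """Accounts that logged in successfully from a source already flagged as
    spraying: the high-fidelity alert, since the spray found a working password."""
    hits = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev and ev[3] == "SUCCESS" and ev[1] in alerts:
            hits[ev[1]].add(ev[2])
    return {src: sorted(users) for src, users in hits.items()}


# Constructed sample: a fast spray from 203.0.113.5 that lands on "frank", a
# slow spray from 203.0.113.77 spread over two hours, a brute force against
# one account from 198.51.100.7, and a user mistyping a password once.
SAMPLE_LOG = """\
2023-09-13T08:00:01Z src=203.0.113.5 user=alice result=FAIL
2023-09-13T08:00:03Z src=203.0.113.5 user=bob result=FAIL
2023-09-13T08:00:05Z src=203.0.113.5 user=carol result=FAIL
2023-09-13T08:00:08Z src=203.0.113.5 user=dave result=FAIL
2023-09-13T08:00:10Z src=203.0.113.5 user=erin result=FAIL
2023-09-13T08:00:12Z src=203.0.113.5 user=frank result=SUCCESS
2023-09-13T08:00:00Z src=203.0.113.77 user=alice result=FAIL
2023-09-13T08:30:00Z src=203.0.113.77 user=bob result=FAIL
2023-09-13T09:00:00Z src=203.0.113.77 user=carol result=FAIL
2023-09-13T09:30:00Z src=203.0.113.77 user=dave result=FAIL
2023-09-13T10:00:00Z src=203.0.113.77 user=erin result=FAIL
2023-09-13T08:01:00Z src=198.51.100.7 user=admin result=FAIL
2023-09-13T08:01:02Z src=198.51.100.7 user=admin result=FAIL
2023-09-13T08:01:04Z src=198.51.100.7 user=admin result=FAIL
2023-09-13T08:01:06Z src=198.51.100.7 user=admin result=FAIL
2023-09-13T08:01:08Z src=198.51.100.7 user=admin result=FAIL
2023-09-13T09:30:00Z src=192.0.2.9 user=grace result=FAIL
2023-09-13T09:30:20Z src=192.0.2.9 user=grace result=SUCCESS
this line is not an auth event
""".splitlines()

if __name__ == "__main__":
    fast = detect_password_spray(SAMPLE_LOG)
    print("10 min window:", fast)
    print("3 h window   :", detect_password_spray(SAMPLE_LOG, window=timedelta(hours=3)))
    print("spray then success:", spray_successes(SAMPLE_LOG, fast))
```

The slow source is only caught when the window is widened to hours, which is the trade-off to tune: a short window keeps the rule quiet on shared NAT egress, a long one catches low-and-slow sprays. Against cloud identity logs the same grouping key should also be tried on user agent and ASN, since sprayers rotate source addresses.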
Greater Manchester Police Hack Follows Third-Party Supplier Fumble
via "Dark Reading".
This incident bears notable resemblance to an attack that occurred just last month affecting London's Metropolitan Police, raising concerns over UK cybersecurity safeguards for public safety.
CVE-2023-28614
via "National Vulnerability Database".
Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page.
CVE-2022-47848
via "National Vulnerability Database".
An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09.13.01 and Vtech IAD604-IL versions BZ_2.02.07.09.13.01, BZ_2.02.07.09.13T, and BZ_2.02.07.09.09T, which allows remote attackers to gain sensitive information via the rootDesc.xml page of the UPnP service.
CVE-2023-42398
via "National Vulnerability Database".
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php.
CVE-2022-38636
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Okta Agent Involved in MGM Resorts Breach, Attackers Claim
via "Dark Reading".
ALPHV/BlackCat ransomware operators have used their leak site to "set the record straight" about the MGM Resorts cyberattack. Meanwhile, more attacks abusing Okta could be likely.
CISO Global Deepens Capabilities With Integrated Threat Intelligence Feed
via "Dark Reading".
Scottsdale, Ariz. September 13, 2023 — CISO Global (NASDAQ: CISO), an industry leader as a managed cybersecurity and compliance provider, is expanding its capabilities by deepening its threat intelligence feed and incorporating it into existing services.…
Armis Launches Armis Centrix™, the AI-powered Cyber Exposure Management Platform
via "Dark Reading".
SAN FRANCISCO — September 13, 2023 — Armis, the asset intelligence cybersecurity company, today announced the launch of Armis Centrix™, the AI-powered cyber exposure management platform. Armis Centrix™ is a seamless, frictionless, cloud-based platform that…
Enea Qosmos Threat Detection SDK Launched to Boost the Performance of Network-Based Cybersecurity
via "Dark Reading".
Enea, a leading provider of telecom and cybersecurity solutions, today launched the Enea Qosmos Threat Detection SDK. This revolutionary threat detection system has the potential to double performance in network-based cybersecurity solutions.
CVE-2023-37263
via "National Vulnerability Database".
Strapi is an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue.
CVE-2023-36479
via "National Vulnerability Database".
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.
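The Jetty entry describes a general bug class: a command is flattened into one string, a name containing a space is "protected" by wrapping it in double quotes, and the string is later re-tokenized by something that honours quotes, so a name containing `" ` closes the quoting early and the remainder becomes extra tokens. The following is an added illustration, not Jetty's code: `shlex.split` stands in for the quote-aware tokenizer, the prefix and binary names are constructed, and the two hardened builders (an argv list, and quoting with the tokenizer's own rules) are this example's suggestions rather than the Jetty patch.

```python
# Added illustration of the bug class in the Jetty entry above, not Jetty's
# own code. shlex.split models a quote-aware tokenizer; names are constructed.
import shlex


def build_command_naive(prefix: str, binary: str) -> str:
    """Vulnerable pattern: wrap a name containing a space in double quotes,
    then hand a single flat string to the executor."""
    quoted = f'"{binary}"' if " " in binary else binary
    return f"{prefix} {quoted}".strip()


def tokens_seen_by_executor(cmdline: str) -> list[str]:
    """How a quote-aware tokenizer splits the assembled command line."""
    return shlex.split(cmdline)


def build_command_argv(prefix_argv: list[str], binary: str) -> list[str]:
    """Hardened pattern: never flatten to a string. The binary stays exactly
    one argv element whatever characters it contains (pass this list to
    subprocess.run or ProcessBuilder, not a joined string)."""
    return [*prefix_argv, binary]


def build_command_quoted(prefix: str, binary: str) -> str:
    """If a string must be produced, use the tokenizer's own quoting rules
    (shlex.quote for POSIX shells) instead of hand-rolled wrapping."""
    return f"{prefix} {shlex.quote(binary)}".strip()


if __name__ == "__main__":
    benign = "my prog"
    hostile = 'prog" --flag "x'  # a quotation mark followed by a space
    for name in (benign, hostile):
        print(repr(name))
        print("  naive :", tokens_seen_by_executor(build_command_naive("/usr/bin/env", name)))
        print("  argv  :", build_command_argv(["/usr/bin/env"], name))
        print("  quoted:", tokens_seen_by_executor(build_command_quoted("/usr/bin/env", name)))
```

The benign name survives both paths as one token; the hostile one becomes `prog`, `--flag`, `x` through the naive builder, which is the "multiple tokens instead of one" outcome in the entry. Any user-controlled value that ends up inside a command string deserves the argv-list treatment; quoting is a fallback for interfaces that only accept a string.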
CVE-2023-36472
via "National Vulnerability Database".
Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure that they can't be selected. This issue is fixed in version 4.11.7.
Microsoft Flushes Out 'Ncurses' Gremlins
via "Dark Reading".
The maintainers of the widely used library recently patched multiple memory corruption vulnerabilities that attackers could have abused to, ahem, curse targets with malicious code and escalate privileges.
DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage
via "Dark Reading".
Escalating incursions into military base infrastructure, telecom networks, utilities, and more signal that Beijing is laying the groundwork for mass disruption.
CVE-2023-41043
via "National Vulnerability Database".
Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server processes to be killed and lead to downtime. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. This is only a concern for multisite installations. No action is required when the admins are trusted.
CVE-2023-0923
via "National Vulnerability Database".
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.