βΌ CVE-2023-34577 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42805 βΌ
π Read
via "National Vulnerability Database".
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42806 βΌ
π Read
via "National Vulnerability Database".
Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\mathsf{cid}$` allows an attacker (which must be a participant of this head) to use a snapshot from an old head instance with the same participants to close the head or contest the state with it. This can lead to an incorrect distribution of value (= value extraction attack; hard, but possible) or prevent the head to finalize because the value available is not consistent with the closed utxo state (= denial of service; easy). A patch is planned for version 0.13.0. As a workaround, rotate keys between heads so not to re-use keys and not result in the same multi-signature participants.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42458 βΌ
π Read
via "National Vulnerability Database".
Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in Zope 4.8.10 and 5.8.5. As a workaround, make sure the "Add Documents, Images, and Files" permission is only assigned to trusted roles. By default, only the Manager has this permission.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-42807 βΌ
π Read
via "National Vulnerability Database".
Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42456 βΌ
π Read
via "National Vulnerability Database".
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user).An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could run `sudo -K` to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of `/bin/cp`. The code then clears that file, resulting in the `cp` binary effectively being removed from the system.An attacker needs to be able to login as a user with a constructed username. Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames.The issue is patched in version 0.2.1 of sudo-rs. Sudo-rs now uses the uid for the user instead of their username for determining the filename. Note that an upgrade to this version will result in existing session files being ignored and users will be forced to re-authenticate. It also fully eliminates any possibility of path traversal, given that uids are always integer values.The `sudo -K` and `sudo -k` commands can run, even if a user has no sudo access. As a workaround, make sure that one's system does not contain any users with a specially crafted username. While this is the case and while untrusted users do not have the ability to create arbitrary users on the system, one should not be able to exploit this issue.π Read
via "National Vulnerability Database".
π΄ MGM Restores Casino Operations 10 Days After Cyberattack π΄
π Read
via "Dark Reading".
The lost revenue due to downtime for gaming and hotel bookings is difficult to ballpark.π Read
via "Dark Reading".
Dark Reading
MGM Restores Casino Operations 10 Days After Cyberattack
The lost revenue due to downtime for gaming and hotel bookings is difficult to ballpark.
π΄ OPSWAT-Sponsored SANS 2023 ICS/OT Cybersecurity Report Reveals Vital Priorities to Mitigate Ongoing Threats π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
OPSWAT-Sponsored SANS 2023 ICS/OT Cybersecurity Report Reveals Vital Priorities to Mitigate Ongoing Threats
Tampa, FL β September 21, 2023 β OPSWAT, a leader in critical infrastructure protection (CIP) cybersecurity solutions, sponsored the SANS 2023 ICS/OT Cybersecurity Survey, which unveils a distinct reality: despite notable improvements in defense strategiesβ¦
π΄ T-Mobile Racks Up Third Consumer Data Exposure of 2023 π΄
π Read
via "Dark Reading".
The mobile company states that the issue was due to a glitch that occurred in an update.π Read
via "Dark Reading".
Dark Reading
T-Mobile Racks Up Third Consumer Data Exposure of 2023
The mobile company states that the issue was due to a glitch that occurred in an update.
βΌ CVE-2023-41992 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42279 βΌ
π Read
via "National Vulnerability Database".
Dreamer CMS 4.1.3 is vulnerable to SQL Injection.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-41991 βΌ
π Read
via "National Vulnerability Database".
A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42810 βΌ
π Read
via "National Vulnerability Database".
systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only).π Read
via "National Vulnerability Database".
βΌ CVE-2023-42280 βΌ
π Read
via "National Vulnerability Database".
mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file reading.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41993 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved checks. This issue is fixed in Safari 16.6.1, macOS Ventura 13.6, OS 17.0.1 and iPadOS 17.0.1, iOS 16.7 and iPadOS 16.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.π Read
via "National Vulnerability Database".
π΄ 'Gold Melody' Access Broker Plays on Unpatched Servers' Strings π΄
π Read
via "Dark Reading".
A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics.π Read
via "Dark Reading".
Dark Reading
'Gold Melody' Access Broker Plays on Unpatched Servers' Strings
A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics.
π΄ What Does Socrates Have to Do With CPM? π΄
π Read
via "Dark Reading".
It's time to focus on the "P" in cybersecurity performance management.π Read
via "Dark Reading".
Dark Reading
What Does Socrates Have to Do With CPM?
It's time to focus on the "P" in cybersecurity performance management.
π΄ Salvador Technologies Wins Funding for $2.2M Cybersecurity Project From BIRD Foundation π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Salvador Technologies Wins Funding for $2.2M Cybersecurity Project From BIRD Foundation
Rehovot, Israel (September 21, 2023) β Salvador Technologies, the innovative provider of the first Instant and Safe Cyber-Attack Recovery Platform for Critical Assets and Operational Technologies (OT), today announced that the company has won funding forβ¦
π΄ Mysterious 'Sandman' APT Targets Telecom Sector With Novel Backdoor π΄
π Read
via "Dark Reading".
The Sandman group's main malware is among the very few that use the Lua scripting language and its just-in-time compiler.π Read
via "Dark Reading".
Dark Reading
Mysterious 'Sandman' APT Targets Telecom Sector With Novel Backdoor
The Sandman group's main malware is among the very few that use the Lua scripting language and its just-in-time compiler.
βΌ CVE-2023-34576 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38343 βΌ
π Read
via "National Vulnerability Database".
An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery.π Read
via "National Vulnerability Database".