‼ CVE-2023-44387 ‼
📖 Read
via "National Vulnerability Database".
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.📖 Read
via "National Vulnerability Database".
🕴 Group-IB: 'GoldDigger' Banking Trojan Targets Vietnamese Organizations 🕴
📖 Read
via "Dark Reading".
The malware uses software to evade detection while also making it difficult to analyze.📖 Read
via "Dark Reading".
Dark Reading
Group-IB: 'GoldDigger' Banking Trojan Targets Vietnamese Organizations
The malware uses software to evade detection while also making it difficult to analyze.
🕴 Madagascar Drops Predator Spyware on Citizens in Watering Hole Attack 🕴
📖 Read
via "Dark Reading".
The Predator spyware was distributed by dropping malicious links inside typosquatted facsimiles of news websites.📖 Read
via "Dark Reading".
Dark Reading
Madagascar Drops Predator Spyware on Citizens in Watering Hole Attack
The Predator spyware was distributed by dropping malicious links inside typosquatted facsimiles of news websites.
🦿 Microsoft Redesigns OneDrive for Business Layout 🦿
📖 Read
via "Tech Republic".
Microsoft OneDrive is adding new SharePoint features and will let the Copilot AI summarize and interpret files.📖 Read
via "Tech Republic".
TechRepublic
Microsoft Redesigns OneDrive for Business Layout
Microsoft OneDrive is adding new SharePoint features and will let the Copilot AI summarize and interpret files.
🕴 10 Routine Security Gaffes the Feds Are Begging You to Fix 🕴
📖 Read
via "Dark Reading".
Here are the most common misconfigurations plaguing large organizations, according to a new joint cybersecurity advisory. 📖 Read
via "Dark Reading".
Dark Reading
10 Routine Security Gaffes the Feds Are Begging You to Fix
Here are the most common misconfigurations plaguing large organizations, according to a new joint cybersecurity advisory.
🕴 Legions of Critical Infrastructure Devices Subject to Cyber Targeting 🕴
📖 Read
via "Dark Reading".
Nearly 100,000 ICS devices have been found open to the public Internet, potentially threatening physical safety globally. Here's how to quantify the risk.📖 Read
via "Dark Reading".
Dark Reading
Legions of Critical Infrastructure Devices Subject to Cyber Targeting
Nearly 100,000 ICS devices have been found open to the public Internet, potentially threatening physical safety globally. Here's how to quantify the risk.
🕴 'Operation Jacana' Reveals DinodasRAT Custom Backdoor 🕴
📖 Read
via "Dark Reading".
The previously undocumented data exfiltration malware was part of a successful cyber-espionage campaign against the Guyanese government, likely by the Chinese.📖 Read
via "Dark Reading".
Dark Reading
'Operation Jacana' Reveals DinodasRAT Custom Backdoor
The previously undocumented data exfiltration malware was part of a successful cyber-espionage campaign against the Guyanese government, likely by the Chinese.
‼ CVE-2023-5441 ‼
📖 Read
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40920 ‼
📖 Read
via "National Vulnerability Database".
Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts().📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44024 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39323 ‼
📖 Read
via "National Vulnerability Database".
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43981 ‼
📖 Read
via "National Vulnerability Database".
Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43284 ‼
📖 Read
via "National Vulnerability Database".
An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 firmware version 100A53DBR-Retail allows a remote attacker to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43983 ‼
📖 Read
via "National Vulnerability Database".
Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40556 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <=Â 5.2 versions.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-45245 ‼
📖 Read
via "National Vulnerability Database".
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4530 ‼
📖 Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection.This issue affects Advertising Administration Panel: before 1.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44758 ‼
📖 Read
via "National Vulnerability Database".
GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4469 ‼
📖 Read
via "National Vulnerability Database".
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45244 ‼
📖 Read
via "National Vulnerability Database".
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35895.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45246 ‼
📖 Read
via "National Vulnerability Database".
Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36343.📖 Read
via "National Vulnerability Database".