π΄ Reassessing the Impacts of Risk Management With NIST Framework 2.0 π΄
π Read
via "Dark Reading".
The latest NIST Cybersecurity Framework draft highlights four major themes that organizations should pay attention to for managing risk.π Read
via "Dark Reading".
Dark Reading
Reassessing the Impacts of Risk Management With NIST Framework 2.0
The latest NIST Cybersecurity Framework draft highlights four major themes that organizations should pay attention to for managing risk.
βΌ CVE-2023-44110 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44111 βΌ
π Read
via "National Vulnerability Database".
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44100 βΌ
π Read
via "National Vulnerability Database".
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44104 βΌ
π Read
via "National Vulnerability Database".
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5521 βΌ
π Read
via "National Vulnerability Database".
Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44118 βΌ
π Read
via "National Vulnerability Database".
Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.π Read
via "National Vulnerability Database".
π¦Ώ How Australiaβs Banking Sector Can Embrace Cross-Collaboration to Combat the Scam Epidemic π¦Ώ
π Read
via "Tech Republic".
The ACCC has given the green light for cross-banking collaboration to address scams. Here's how IT pros in financial services can take advantage of this opportunity.π Read
via "Tech Republic".
TechRepublic
Australia's Banking Sector Can Embrace Cross-Collaboration to Combat Scams
The ACCC has given the green light for cross-banking collaboration to address scams. Here's how IT pros in financial services can take advantage of this opportunity.
π΄ Data Thieves Test-Drive Unique Certificate Abuse Tactic π΄
π Read
via "Dark Reading".
An SEO poisoning campaign is spreading the RecordBreaker/Raccoon Stealer and LummaC2 infostealers by attempting to confound software certificate checks.π Read
via "Dark Reading".
Dark Reading
Data Thieves Test-Drive Unique Certificate Abuse Tactic
An SEO poisoning campaign is spreading the RecordBreaker/Raccoon Stealer and LummaC2 infostealers by attempting to confound software certificate checks.
βΌ CVE-2023-4957 βΌ
π Read
via "National Vulnerability Database".
A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45396 βΌ
π Read
via "National Vulnerability Database".
An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12.π Read
via "National Vulnerability Database".
π΄ Magecart Campaign Hijacks 404 Pages to Steal Data π΄
π Read
via "Dark Reading".
The novel technique helps hide the cybercriminal campaign's efforts to steal credit card information from visitors to major websites, and it represents an evolution for Magecart.π Read
via "Dark Reading".
Dark Reading
Magecart Campaign Hijacks 404 Pages to Steal Data
The novel technique helps hide the cybercriminal campaign's efforts to steal credit card information from visitors to major websites, and it represents an evolution for Magecart.
π΄ Addressing a Breach Starts With Getting Everyone on the Same Page π΄
π Read
via "Dark Reading".
The best incident-response plans cover contingencies and are fine-tuned in stress tests to ensure collaboration, remediation, and recovery efforts align. π Read
via "Dark Reading".
Dark Reading
Addressing a Breach Starts With Getting Everyone on the Same Page
The best incident-response plans cover contingencies and are fine-tuned in stress tests to ensure collaboration, remediation, and recovery efforts align.
βΌ CVE-2023-28381 βΌ
π Read
via "National Vulnerability Database".
An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35966 βΌ
π Read
via "National Vulnerability Database".
Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32645 βΌ
π Read
via "National Vulnerability Database".
A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35055 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the gozila_cgi function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34426 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32632 βΌ
π Read
via "National Vulnerability Database".
A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35967 βΌ
π Read
via "National Vulnerability Database".
Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35056 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the cgi_handler function.π Read
via "National Vulnerability Database".