CVE-2023-5718
via "National Vulnerability Database".
The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and registering a listener on the web page, the extension sent messages back to the listener, containing the base64 encoded screenshot data of the sensitive resource.
CVE-2021-26736
via "National Vulnerability Database".
Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.
CVE-2023-28795
via "National Vulnerability Database".
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.
CVE-2021-26735
via "National Vulnerability Database".
The Zscaler Client Connector Installer and Uninstallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.
How to Remove an Apple ID from an iPhone
via "Tech Republic".
Learn how to remove an Apple ID from your iPhone easily with this step-by-step guide.
Malicious Apps Spoof Israeli Attack Detectors: Conflict Goes Mobile
via "Dark Reading".
A spoofed version of an Israeli rocket-attack alerting app is targeting Android devices, in a campaign that shows how cyber-espionage attacks are shifting to individual, everyday citizens.
How State and Local Governments Can Serve Citizens More Securely
via "Dark Reading".
Looking at the top 10 priorities of state CIOs underscores the importance of securing applications and APIs in complex environments.
Gartner's Top 10 Strategic Technology Trends for 2024
via "Tech Republic".
Artificial intelligence garners the spotlight, taking the top three positions.
City of Philadelphia Releases Cyber-Breach Notice
via "Dark Reading".
The investigation is ongoing, and the city will contact those who may have potentially been affected by the breach, it said.
Hola Espana: 'Grandoreiro' Trojan Targets Global Banking Customers
via "Dark Reading".
Brasileiro cybercrime has been on the rise. Now, one campaign targeting bank customers has reached beyond the Americas, into Europe.
CVE-2023-46288
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via the Airflow REST API for configuration, even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to the non-sensitive-only configuration. This is a different error than CVE-2023-45348, which allows an authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2). Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.
CVE-2023-38722
via "National Vulnerability Database".
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174.
CVE-2023-43045
via "National Vulnerability Database".
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.
Valve's 2FA Mandate for Game Developers Shows SMS Stickiness
via "Dark Reading".
Despite warnings that sending one-time passwords via text messages is a flawed security measure, companies continue to roll out the approach, especially in consumer-facing applications.
Cyberattackers Alter Implant on 30K Compromised Cisco IOS XE Devices
via "Dark Reading".
A seemingly sharp drop in the number of compromised Cisco IOS XE devices visible on the Internet led to a flurry of speculation over the weekend, but it turns out the malicious implants were just hiding.
CVE-2023-27152
via "National Vulnerability Database".
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication.
CVE-2023-27149
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list.
CVE-2022-22466
via "National Vulnerability Database".
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.
CVE-2023-37636
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket.
CVE-2023-33839
via "National Vulnerability Database".
IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036.
CVE-2023-46602
via "National Vulnerability Database".
In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a.