π΄ How State and Local Governments Can Serve Citizens More Securely π΄
π Read
via "Dark Reading".
Looking at the top 10 priorities of state CIOs underscores the importance of securing applications and APIs in complex environments.π Read
via "Dark Reading".
Dark Reading
How State and Local Governments Can Serve Citizens More Securely
The top 10 priorities of state CIOs underscore the importance of securing applications and APIs in complex environments.
π¦Ώ Gartnerβs Top 10 Strategic Technology Trends for 2024 π¦Ώ
π Read
via "Tech Republic".
Artificial intelligence garners the spotlight, taking the top three positions.π Read
via "Tech Republic".
TechRepublic
Gartnerβs Top 10 Strategic Technology Trends for 2024
Artificial intelligence garners the spotlight by taking the top three positions in this Gartner trends report.
π΄ City of Philadelphia Releases Cyber-Breach Notice π΄
π Read
via "Dark Reading".
The investigation is ongoing, and the city will contact those who may have potentially been affected by the breach, it said.π Read
via "Dark Reading".
Dark Reading
City of Philadelphia Releases Cyber-Breach Notice
The investigation is ongoing, and the city will contact those who may have potentially been affected by the breach, it said.
π΄ Hola Espana: 'Grandoreiro' Trojan Targets Global Banking Customers π΄
π Read
via "Dark Reading".
Brasileiro cybercrime has been on the rise. Now, one campaign targeting bank customers has reached beyond the Americas, into Europe.π Read
via "Dark Reading".
Dark Reading
Hola Espana: 'Grandoreiro' Trojan Targets Global Banking Customers
Brasileiro cybercrime has been on the rise. Now, one campaign targeting bank customers has reached beyond the Americas, into Europe.
βΌ CVE-2023-46288 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0.Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_configΓ option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_configΓ to non-sensitive-onlyΓ configuration. This is a different error than CVE-2023-45348Γ which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2).Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixesΓ CVE-2023-45348.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38722 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43045 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.π Read
via "National Vulnerability Database".
π΄ Valve's 2FA Mandate for Game Developers Shows SMS Stickiness π΄
π Read
via "Dark Reading".
Despite warnings that sending one-time passwords via text messages is a flawed security measure, companies continue to roll out the approach, especially in consumer-facing applications.π Read
via "Dark Reading".
Dark Reading
Valve's 2FA Mandate for Game Developers Shows SMS Stickiness
Despite warnings that sending one-time passwords via text messages is a flawed security measure, companies continue to roll out the approach, especially in consumer-facing applications.
π΄ Cyberattackers Alter Implant on 30K Compromised Cisco IOS XE Devices π΄
π Read
via "Dark Reading".
A seemingly sharp drop in the number of compromised Cisco IOS XE devices visible on the Internet led to a flurry of speculation over the weekend β but it turns out the malicious implants were just hiding.π Read
via "Dark Reading".
Dark Reading
Cyberattackers Alter Implant on 30K Compromised Cisco IOS XE Devices
A seemingly sharp drop in the number of compromised Cisco IOS XE devices visible on the Internet led to a flurry of speculation over the weekend β but it turns out the malicious implants were just hiding.
βΌ CVE-2023-27152 βΌ
π Read
via "National Vulnerability Database".
DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27149 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22466 βΌ
π Read
via "National Vulnerability Database".
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37636 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33839 βΌ
π Read
via "National Vulnerability Database".
IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46602 βΌ
π Read
via "National Vulnerability Database".
In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33840 βΌ
π Read
via "National Vulnerability Database".
IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46603 βΌ
π Read
via "National Vulnerability Database".
In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37635 βΌ
π Read
via "National Vulnerability Database".
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33837 βΌ
π Read
via "National Vulnerability Database".
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45966 βΌ
π Read
via "National Vulnerability Database".
umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27148 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.π Read
via "National Vulnerability Database".
π₯2