‼ CVE-2023-37636 ‼
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket.
‼ CVE-2023-33839 ‼
via "National Vulnerability Database".
IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036.
‼ CVE-2023-46602 ‼
via "National Vulnerability Database".
In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a.
‼ CVE-2023-33840 ‼
via "National Vulnerability Database".
IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037.
‼ CVE-2023-46603 ‼
via "National Vulnerability Database".
In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a.
‼ CVE-2023-37635 ‼
via "National Vulnerability Database".
UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application.
‼ CVE-2023-33837 ‼
via "National Vulnerability Database".
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.
‼ CVE-2023-45966 ‼
via "National Vulnerability Database".
umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.
‼ CVE-2023-27148 ‼
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.
‼ CVE-2023-46058 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component.
‼ CVE-2023-46059 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component.
🦿 Generative AI Can Write Phishing Emails, But Humans Are Better At It, IBM X-Force Finds 🦿
via "Tech Republic".
Hacker Stephanie "Snow" Carruthers and her team found phishing emails written by security researchers saw a 3% better click rate than phishing emails written by ChatGPT.
🕴 'Log in with...' Feature Allows Full Online Account Takeover for Millions 🕴
via "Dark Reading".
Hundreds of millions of users of Grammarly, Vidio, and the Indonesian e-commerce giant Bukalapak are at risk for financial fraud and credential theft due to OAuth misfires -- and other online services likely have the same problems.
🕴 It's Time to Establish the NATO of Cybersecurity 🕴
via "Dark Reading".
Cybercriminals already operate across borders. Nations must do the same to protect their critical infrastructure, people, and technology from threats foreign and domestic.
🕴 Cyberattacks on Kenya Drop in Third Quarter 🕴
via "Dark Reading".
National response team attributes reduction to a cyber workforce with better training.
🕴 Strengthening Oman's Economic Backbone 🕴
via "Dark Reading".
Creating a new regulatory framework to better secure Oman's banking system against future attacks.
🕴 Do Small Companies Need Fractional AppSec Teams Akin to vCISOs? 🕴
via "Dark Reading".
Zatik takes a fractional approach to AppSec leadership to help small firms access the expertise they need to build secure-by-design software.
🕴 Accenture Expands Cybersecurity Services Capabilities in Latin America With Acquisition of MNEMO Mexico 🕴
via "Dark Reading".
PRESS RELEASE
🦿 Cisco Patches Two Dangerous Zero-Day Vulnerabilities 🦿
via "Tech Republic".
The vulnerabilities, one of which was rated critical and one of which was rated highly severe, affect Cisco IOS XE software.
🕴 2023 Ransomware Attacks Up More Than 95% Over 2022, According to Corvus Insurance Q3 Report 🕴
via "Dark Reading".
PRESS RELEASE
🕴 Tines Report Finds More than Half of Security Professionals Likely To Switch Jobs Next Year 🕴
via "Dark Reading".
PRESS RELEASE