π΄ Winter Vivern APT Blasts Webmail Zero-Day Bug With One-Click Exploit π΄
π Read
via "Dark Reading".
A campaign targeting European governmental organizations and a think tank shows consistency from the low-profile threat group, which has ties to Belarus and Russia.π Read
via "Dark Reading".
Dark Reading
Winter Vivern APT Blasts Webmail Zero-Day Bug With One-Click Exploit
A campaign targeting European governmental organizations and a think tank shows consistency from the low-profile threat group, which has ties to Belarus and Russia.
π΄ Cybersecurity Awareness Doesn't Cut It; It's Time to Focus on Behavior π΄
π Read
via "Dark Reading".
We have too much cybersecurity awareness. It's time to implement repeatable, real-world practice that ingrains positive habits and security behaviors.π Read
via "Dark Reading".
Dark Reading
Cybersecurity Awareness Doesn't Cut It; It's Time to Focus on Behavior
We have too much cybersecurity awareness. It's time to implement repeatable, real-world practice that ingrains positive habits and security behaviors.
π΄ Kazakh Attackers, Disguised as Azerbaijanis, Hit Former Soviet States π΄
π Read
via "Dark Reading".
The YoroTrooper group claims to be from Azerbaijan and even routes its phishing traffic through the former Soviet republic.π Read
via "Dark Reading".
Dark Reading
Kazakh Attackers, Disguised as Azerbaijanis, Hit Former Soviet States
The YoroTrooper group claims to be from Azerbaijan and even routes its phishing traffic through the former Soviet republic.
π΄ Virtual Alarm: VMware Issues Major Security Advisory π΄
π Read
via "Dark Reading".
VMWare vCenter Servers need immediate patch against critical RCE bug as race against threat actors begins. π Read
via "Dark Reading".
Dark Reading
Virtual Alarm: VMware Issues Major Security Advisory
VMware vCenter Servers need immediate patch against critical RCE bug as race against threat actors begins.
π΄ As Citrix Urges Its Clients to Patch, Researchers Release an Exploit π΄
π Read
via "Dark Reading".
In the race over Citrix's latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide.π Read
via "Dark Reading".
Dark Reading
As Citrix Urges Its Clients to Patch, Researchers Release an Exploit
In the race over Citrix's latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide.
π2
βΌ CVE-2023-3010 βΌ
π Read
via "National Vulnerability Database".
Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1356 βΌ
π Read
via "National Vulnerability Database".
Reflected cross-site scripting in the StudentSearch component in IDAttendΓ’β¬β’s IDWeb application 3.1.052 and earlier allows hijacking of a userΓ’β¬β’s browsing session by attackers who have convinced the said user to click on a malicious link.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3699 βΌ
π Read
via "National Vulnerability Database".
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to versionΓ 1.3.1.2 andΓ Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38484 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload and directory traversal vulnerability exist in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with web server privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20273 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39734 βΌ
π Read
via "National Vulnerability Database".
The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39733 βΌ
π Read
via "National Vulnerability Database".
The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40413 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26583 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttendΓ’β¬β’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40444 βΌ
π Read
via "National Vulnerability Database".
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may be able to access user-sensitive data.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26580 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated arbitrary file read in the IDAttendΓ’β¬β’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26568 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttendΓ’β¬β’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34048 βΌ
π Read
via "National Vulnerability Database".
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.Γ A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31581 βΌ
π Read
via "National Vulnerability Database".
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38485 βΌ
π Read
via "National Vulnerability Database".
A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26574 βΌ
π Read
via "National Vulnerability Database".
Missing authentication in the SearchStudents method in IDAttendΓ’β¬β’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.π Read
via "National Vulnerability Database".