π΄ What Would a Government Shutdown Mean for Cybersecurity? π΄
π Read
via "Dark Reading".
Companies are advised to act now to protect networks while federal employee paychecks are still forthcoming. Public agencies are updating contingency plans before the November extension ends, while cyber stalkers get an extra month to plan, too. π Read
via "Dark Reading".
Dark Reading
What Would a Government Shutdown Mean for Cybersecurity?
Companies are advised to act now to protect networks while federal employee paychecks are still forthcoming. Public agencies are updating contingency plans before the November extension ends, while cyber stalkers get an extra month to plan, too.
π GRR 3.4.7.1 π
π Read
via "Packet Storm Security".
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.π Read
via "Packet Storm Security".
Packetstormsecurity
GRR 3.4.7.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Clam AntiVirus Toolkit 1.2.1 π
π Read
via "Packet Storm Security".
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Clam AntiVirus Toolkit 1.2.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Nigerian Cybercrime Hub Shut Down With 6 Arrests π΄
π Read
via "Dark Reading".
The cybercrime recruitment and mentoring hub conducted a variety of cybercrimes including business email compromise.π Read
via "Dark Reading".
Dark Reading
Nigerian Cybercrime Hub Shut Down With 6 Arrests
The cybercrime recruitment and mentoring hub conducted a variety of cybercrimes including business email compromise.
βΌ CVE-2023-46234 βΌ
π Read
via "National Vulnerability Database".
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45869 βΌ
π Read
via "National Vulnerability Database".
ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46450 βΌ
π Read
via "National Vulnerability Database".
Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5783 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/system/approve_center/flow_sort/flow/delete.php. The manipulation of the argument id/sort_parent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243589 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5784 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/uploadfirewall.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243590 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46449 βΌ
π Read
via "National Vulnerability Database".
Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5782 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /manage/delete_query.php of the component General News. The manipulation of the argument NEWS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243588. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46238 βΌ
π Read
via "National Vulnerability Database".
ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to an SVG to gain access to the victimΓ’β¬β’s account in certain scenarios. A victim would need to directly open the malicious image in the browser, where a single session in ZITADEL needs to be active for this exploit to work. If the possible victim had multiple or no active sessions in ZITADEL, the attack would not succeed. This issue has been patched in version 2.39.2 and 2.38.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45868 βΌ
π Read
via "National Vulnerability Database".
The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside the documentRoot, to a publicly accessible location via the PHP function rename(). This results in a total loss of confidentiality, exposing sensitive resources, and potentially denying access to the affected component and the operating system's components. To exploit this, an attacker must manipulate a POST request during the creation of an exercise unit, by modifying the old_name and new_name parameters via directory traversal. However, it's essential to note that, when exploiting this vulnerability, the specified directory will be relocated from its original location, rendering all files obtained from there unavailable.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45867 βΌ
π Read
via "National Vulnerability Database".
ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential files stored on the web server. The attacker can access files that are readable by the web server user www-data; this may include sensitive configuration files and documents located outside the documentRoot. The vulnerability is exploited by an attacker who manipulates the file parameter in a URL, inserting directory traversal sequences in order to access unauthorized files. This manipulation allows the attacker to retrieve sensitive files, such as /etc/passwd, potentially compromising the system's security. This issue poses a significant risk to confidentiality and is remotely exploitable over the internet.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5785 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/firewall/addaddress_interpret.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46090 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado WDSocialWidgets plugin <=Γ 1.0.15 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41096 βΌ
π Read
via "National Vulnerability Database".
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash.This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41095 βΌ
π Read
via "National Vulnerability Database".
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash.This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.π Read
via "National Vulnerability Database".
π¦Ώ Everything You Need to Know About Microsoftβs New $5 Billion Investment in Australia π¦Ώ
π Read
via "Tech Republic".
Microsoft plans to more than double its cloud computing capacity in Australia over the next two years and expand its support for critical national cyber security and technology skills priorities.π Read
via "Tech Republic".
TechRepublic
Everything You Need to Know About Microsoftβs $5 Billion Investment in Australia
Microsoft will more than double its cloud computing capacity in Australia and expand support for national cyber security and tech skills.
π΄ Longer Support Periods Raise the Bar for Mobile Security π΄
π Read
via "Dark Reading".
With Google's announcement of seven years of support, other smartphone makers risk falling behind.π Read
via "Dark Reading".
Dark Reading
Longer Support Periods Raise the Bar for Mobile Security
With Google's announcement of seven years of support, other smartphone makers risk falling behind.
βΌ CVE-2023-45317 βΌ
π Read
via "National Vulnerability Database".
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.π Read
via "National Vulnerability Database".