‼ CVE-2023-5946 ‼
📖 Read
via "National Vulnerability Database".
The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5088 ‼
📖 Read
via "National Vulnerability Database".
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.📖 Read
via "National Vulnerability Database".
🦿 What Is a VPN? Definition, How It Works, and More 🦿
📖 Read
via "Tech Republic".
A VPN (virtual private network) encrypts your internet traffic and protects your online privacy. Find out how it works and why you should use it.📖 Read
via "Tech Republic".
TechRepublic
What Is a VPN? Definition, How It Works, and More
A VPN (virtual private network) encrypts your internet traffic and protects your online privacy. Find out how it works and why you should use it.
🕴 Somebody Just Killed the Mozi Botnet 🕴
📖 Read
via "Dark Reading".
The once great botnet was nearly entirely eliminated in August. Why, who did it, and what comes next remain unclear.📖 Read
via "Dark Reading".
Dark Reading
Somebody Just Killed the Mozi Botnet
The once great botnet was nearly entirely eliminated in August. Why, who did it, and what comes next remain unclear.
🕴 'KandyKorn' macOS Malware Lures Crypto Engineers 🕴
📖 Read
via "Dark Reading".
Posing as fellow engineers, the North Korean state-sponsored cybercrime group Lazarus tricked crypto-exchange developers into downloading the hard-to-detect malware.📖 Read
via "Dark Reading".
Dark Reading
'KandyKorn' macOS Malware Lures Crypto Engineers
Posing as fellow engineers, the North Korean state-sponsored cybercrime group Lazarus tricked crypto-exchange developers into downloading the hard-to-detect malware.
🕴 Okta Customer Support Breach Exposed Data on 134 Companies 🕴
📖 Read
via "Dark Reading".
1Password, BeyondTrust, and Cloudflare were among five customers directly targeted with stolen Okta session tokens, the company's CSO says. 📖 Read
via "Dark Reading".
Dark Reading
Okta Customer Support Breach Exposed Data on 134 Companies
1Password, BeyondTrust, and Cloudflare were among five customers directly targeted with stolen Okta session tokens, the company's CSO says.
🦿 EleKtra-Leak Campaign Uses AWS Cloud Keys Found on Public GitHub Repositories to Run Cryptomining Operation 🦿
📖 Read
via "Tech Republic".
In the active Elektra-Leak campaign, attackers hunt for Amazon IAM credentials within public GitHub repositories before using them for cryptomining. Get tips on mitigating this cybersecurity threat.📖 Read
via "Tech Republic".
TechRepublic
EleKtra-Leak Campaign Uses AWS Cloud Keys Found on Public GitHub Repositories to Run Cryptomining Operation
In the active Elektra-Leak campaign, attackers hunt for Amazon IAM credentials within public GitHub repositories before using them for cryptomining.
🔥1
‼ CVE-2023-3893 ‼
📖 Read
via "National Vulnerability Database".
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy.📖 Read
via "National Vulnerability Database".
🕴 Ace Hardware Still Reeling From Weeklong Cyberattack 🕴
📖 Read
via "Dark Reading".
Cyberattackers downed a quarter of the hardware giant's entire IT apparatus. Now, before the company can recover, they're going after individual branches.📖 Read
via "Dark Reading".
Dark Reading
Ace Hardware Still Reeling From Weeklong Cyberattack
Cyberattackers downed a quarter of the hardware giant's entire IT apparatus. Now, before the company can recover, they're going after individual branches.
🕴 Critical Atlassian Bug Exploit Now Available; Immediate Patching Needed 🕴
📖 Read
via "Dark Reading".
In-the-wild exploit activity from dozens of cyberattacker networks is ramping up for the security vulnerability in Confluence, tracked as CVE-2023-22518.📖 Read
via "Dark Reading".
Dark Reading
Critical Atlassian Bug Exploit Now Available; Immediate Patching Needed
In-the-wild exploit activity from dozens of cyberattacker networks is ramping up for the security vulnerability in Confluence, tracked as CVE-2023-22518.
‼ CVE-2022-43555 ‼
📖 Read
via "National Vulnerability Database".
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43554 ‼
📖 Read
via "National Vulnerability Database".
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-47235 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44569 ‼
📖 Read
via "National Vulnerability Database".
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-47233 ‼
📖 Read
via "National Vulnerability Database".
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-47234 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41725 ‼
📖 Read
via "National Vulnerability Database".
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41726 ‼
📖 Read
via "National Vulnerability Database".
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3172 ‼
📖 Read
via "National Vulnerability Database".
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36677 ‼
📖 Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45189 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.📖 Read
via "National Vulnerability Database".