ποΈ Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks ποΈ
π Read
via "The Hacker News".
Microsoft on Thursday said itβs once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware.βThe observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,β the Microsoft Threat Intelligenceπ Read
via "The Hacker News".
ποΈ CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK ποΈ
π Read
via "The Hacker News".
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information.The activity, which was detected by the agency between December 15 and 25, 2023, targets government entitiesπ Read
via "The Hacker News".
π΄ UAE Banks on AI to Boost Cybersecurity π΄
π Read
via "Dark Reading".
The federation has formed partnerships to aid its cybersecurity ambitions as well, but aging legacy systems and a talent gap leave the UAE vulnerable to cyber-risks. π Read
via "Dark Reading".
Darkreading
UAE Banks on AI to Boost Cybersecurity
The federation has formed partnerships to aid its cybersecurity ambitions as well, but aging legacy systems and a talent gap leave the UAE vulnerable to cyber risks.
π΄ I Securely Resolve: CISOs, IT Security Leaders Share 2024 Resolutions π΄
π Read
via "Dark Reading".
As cybersecurity leaders confront ever more complex challenges, the new year offers security leaders a chance to strategically reevaluate and plan for 2024.π Read
via "Dark Reading".
Darkreading
I Securely Resolve: CISOs, IT Security Leaders Share 2024 Resolutions
As cybersecurity leaders confront ever more complex challenges, the new year offers security leaders a chance to strategically reevaluate and plan for 2024.
ποΈ Albanian Parliament and One Albania Telecom Hit by Cyber Attacks ποΈ
π Read
via "The Hacker News".
The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the countryβs National Authority for Electronic Certification and Cyber Security (AKCESK) revealed this week.βThese infrastructures, under the legislation in force, are not currently classified as critical or important information infrastructure,β AKCESK said.One Albania, which hasπ Read
via "The Hacker News".
π±οΈ A year in review: 10 of the biggest security incidents of 2023 π±οΈ
π Read
via "WeLiveSecurity - ESET".
As we draw the curtain on another eventful year in cybersecurity, letβs review some of the high-profile cyber-incidents that occurred in 2023π Read
via "WeLiveSecurity - ESET".
Welivesecurity
A year in review: 10 of the biggest security incidents of 2023
As we draw the curtain on another eventful year in cybersecurity, letβs review some of the high-profile cyber-incidents that occurred this year3.
π΄ Palo Alto Networks Closes Talon Cybersecurity Acquisition π΄
π Read
via "Dark Reading".
The Talon acquisition extends Palo Alto Networks' best-in-class SASE solution to help protect all managed and unmanaged devices.π Read
via "Dark Reading".
Darkreading
Palo Alto Networks Closes Talon Cyber Security Acquisition
The Talon acquisition extends Palo Alto Networks' best-in-class SASE solution to help protect all managed and unmanaged devices.
π΄ βOperation Triangulationβ Spyware Attackers Bypass iPhone Memory Protections π΄
π Read
via "Dark Reading".
The Operation Triangulation attacks are abusing undocumented functions in Apple chips to circumvent hardware-based security measures.π Read
via "Dark Reading".
Dark Reading
'Operation Triangulation' Spyware Attackers Bypass iPhone Memory Protections
The Operation Triangulation attacks are abusing undocumented functions in Apple chips to circumvent hardware-based security measures.
β€2π₯1
βΌοΈCVE-2023-7143βΌοΈ
π Read more
Via "National Vulnerability Database"
A vulnerability was found in codeprojects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file adminregester.php. The manipulation of the argument fnamelnameemailcontact leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB249146 is the identifier assigned to this vulnerability.π Read more
Via "National Vulnerability Database"
βΌοΈCVE-2023-7144βΌοΈ
π Read more
Via "National Vulnerability Database"
A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. This affects the function sqlInject of the file appctrlframeworkFeature.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB249147.π Read more
Via "National Vulnerability Database"
βΌοΈCVE-2023-23431βΌοΈ
π Read more
Via "National Vulnerability Database"
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. π Read more
Via "National Vulnerability Database"
βΌοΈCVE-2023-23432βΌοΈ
π Read more
Via "National Vulnerability Database"
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. π Read more
Via "National Vulnerability Database"
βΌοΈCVE-2023-23433βΌοΈ
π Read more
Via "National Vulnerability Database"
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. π Read more
Via "National Vulnerability Database"
βΌοΈCVE-2023-23434βΌοΈ
π Read more
Via "National Vulnerability Database"
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. π Read more
Via "National Vulnerability Database"
βΌοΈCVE-2023-23435βΌοΈ
π Read more
Via "National Vulnerability Database"
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file π Read more
Via "National Vulnerability Database"
βΌοΈCVE-2023-23436βΌοΈ
π Read more
Via "National Vulnerability Database"
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file π Read more
Via "National Vulnerability Database"
βΌοΈCVE-2023-31292βΌοΈ
π Read more
Via "National Vulnerability Database"
An issue was discovered in Sesami Cash Point Transport Optimizer CPTO 6.3.8.6 718, allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack.π Read more
Via "National Vulnerability Database"
βΌοΈCVE-2023-31298βΌοΈ
π Read more
Via "National Vulnerability Database"
Cross Site Scripting XSS vulnerability in Sesami Cash Point Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user.π Read more
Via "National Vulnerability Database"
βΌοΈCVE-2023-31301βΌοΈ
π Read more
Via "National Vulnerability Database"
Stored Cross Site Scripting XSS Vulnerability in Sesami Cash Point Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log.π Read more
Via "National Vulnerability Database"
βΌοΈCVE-2023-7145βΌοΈ
π Read more
Via "National Vulnerability Database"
A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file appctrlFramework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB249148.π Read more
Via "National Vulnerability Database"
βΌοΈCVE-2023-7146βΌοΈ
π Read more
Via "National Vulnerability Database"
A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file appctrlframeworkFeature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB249149 was assigned to this vulnerability.π Read more
Via "National Vulnerability Database"
π1