Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-2831)
The remote host is missing an update for the Huawei EulerOS...
Apache Druid < 0.22.0 Incorrect Authorization
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...
The Dark Side of Web Development: Why You Should Be Prioritizing Shadow Code
In the fast-paced world of web development, staying ahead of the curve is paramount, as developers are frequently under pressure to deliver products and functionalities quickly and efficiently. To meet accelerated timelines, they often leverage third-party scripts and open-source libraries,...
CVE-2023-42472
CVE-2023-42472 affects SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface (v420). Root cause: insufficient file type validation during image file upload, enabling an authenticated attacker to intercept requests and modify content type/extension to read/modify sensi...
Major cyberattack leaves MGM Resorts reeling
A major incident impacting MGM Resorts has caused computer shutdowns all over the US. The systems most impacted are tied to casinos and hotel computer systems. According to the AP, locations caught by this shutdown range from New York and Ohio to Michigan and Mississippi. At this point I'd link to...
PT-2023-5565 · Huawei · Harmonyos +1
Name of the Vulnerable Software and Affected Versions: DDMP module affected versions not specified Description: The issue is related to a data security classification vulnerability in the DDMP module, which may affect confidentiality. Successful exploitation of this vulnerability could allow a...
Cisco HyperFlex HX Data Platform Input Validation Error Vulnerability
The Cisco HyperFlex HX Data Platform is a high-performance, scalable distributed file system that supports a wide range of virtual machine monitoring programs and provides a range of enterprise-class data management and optimization services. An input validation error vulnerability exists in Cisc...
AlmaLinux 8 : firefox (ALSA-2023:4952)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:4952 advisory. - A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing...
PT-2023-27331 · Vathemes · Vathemes Business Pro
Name of the Vulnerable Software and Affected Versions: Vathemes Business Pro theme versions = 1.10.4 Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal...
PT-2023-22730 · Imagerecycle · Imagerecycle Pdf & Image Compression Plugin
Name of the Vulnerable Software and Affected Versions: ImageRecycle ImageRecycle pdf & image compression plugin versions = 3.1.10 Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website,...
Imperva Clinches 2023 SC Media Trust Award for Best Database Security Solution: A Back-to-Back Victory
Imperva, a global leader in cybersecurity, is proud to announce that we have once again been honored for our industry-leading database security solutions, earning the prestigious 2023 SC Media Trust Award for Best Database Security Solution. This accolade marks the second consecutive year that...
Spoofing
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange...
2.6 million DuoLingo users have scraped data released
An unknown party has released the scraped data of 2.6 million DuoLingo users on a hacking forum. While they offered the data set for sale in January for $1,500, it's now been released on a new version of the Breached hacking forum for 8 site credits, worth only $2.13. DuoLingo is an educational...
CVE-2023-35785
CVE-2023-35785 is a TFA bypass vulnerability affecting Zoho ManageEngine Active Directory 360, ADAudit Plus, ADManager Plus, Asset Explorer, Cloud Security Plus, Data Security Plus, Eventlog Analyzer, Exchange Reporter Plus, Log360, Log360 UEBA, M365 Manager/Security Plus, Recovery Manager Plus, ...
Elevating Data Security: Key Considerations When Transferring Your Digital Workspace
By Owais Sultan. Data security is vital for protecting sensitive information and maintaining trust. This is a post from HackRead.com. Read the original post: Elevating Data Security: Key Considerations When Transferring Your Digital Workspace...
SUSE-SU-2023:3406-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 Fix Pack 10 (bsc#1213541) - CVE-2022-40609: Fixed an unsafe deserialization flaw which could allow a remote attacker to execute arbitrary code on the system. (bsc#1213934) - CVE-2023-22041: Fixed a flaw whci...
CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds
A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that Cybersecurity, IT, and business leaders alike recognize SaaS cybersecurity as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear...
CVE-2023-21232
CVE-2023-21232 corresponds to a permissions-bypass information-disclosure issue affecting Wear OS and related Android components. The vulnerability allows retrieval of sensor data without permission, with local access and no user interaction required. Exploitation details (vector, affected versio...
India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First
The Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill (DPDPB) after it was unanimously passed by both houses of the parliament last week, marking a significant step towards securing people's information. "The Bill provides for the processing of...
CVE-2023-39383
Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security...