GHSA-W2H3-VVVQ-3M53 Pipelines do not validate child UIDs
Summary Pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. We should add UID to PipelineRun status and validate that child Run status/results only come from Runs...
Nexo Achieves Type 2 SOC 2 Audit, Reinforces Data Security Compliance
By Owais Sultan Nexo, the leading digital assets institution, announced a major milestone today as it successfully completed an independent Type… This is a post from HackRead.com Read the original post: Nexo Achieves Type 2 SOC 2 Audit, Reinforces Data Security Compliance...
CVE-2023-37206
CVE-2023-37206 affects Mozilla Firefox: uploading files that contain symlinks could trick users into submitting data to a malicious site. The issue targets Firefox versions earlier than 115 and stems from insufficient validation of symbolic links in the file-system API. Public advisories and vend...
cn.ponfee:commons-core (>=1.1 <=1.4), com.fuseanalytics.gradle.sslcertgen:com.fuseanalytics.gradle.sslcertgen.gradle.plugin (=1.0.0) +9 more potentially affected by CVE-2023-33201 via org.bouncycastle:bcprov-ext-jdk18on (>=1.71 <=1.73)
org.bouncycastle:bcprov-ext-jdk18on MAVEN version =1.71, =1.1, =2.2.9, =6.0, =6.0, =6.0, =9.0.14, =13.0.1 Source cves: CVE-2023-33201 Source advisory: OSV:GHSA-HR8G-6V94-X4M9...
CVE-2023-36817
tktchurch/website contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized...
Deserialization of untrusted data
Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or...
Company finds lost SSD—and confidential data—for sale on eBay
Major software company SAP is putting the pieces of a story involving missing SSD disks back together. Four SSD disks are alleged to have gone on an adventure last November, making their way out of a Walldorf, Germany, datacenter with one of them ending up on eBay. An investigation revealed that...
Why endpoint management is key to securing an AI-powered future
The chief information security officer (CISO) agenda has a new set of priorities. Hybrid work and the resultant architecture updates, so prevalent at the beginning of the pandemic, are no longer top of mind. Instead, the thinking is focused on tackling ever more sophisticated threats and integratin...
CVE-2023-35167 When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the @Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance is not authorized to access, can gain...
PT-2023-21602 · Unknown · Aakif Kadiwala Tags Cloud Manager
Name of the Vulnerable Software and Affected Versions: Aakif Kadiwala Tags Cloud Manager plugin versions 1.0.0 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website,...
DNA testing company failed to protect sensitive genetic and health data, says FTC
DNA testing has long been a hot-button issue for security and privacy. Concerns about everything from law enforcement and data retention to job offers and insurance have all been examined at great length. With millions of people signing up to use these services, it was only a matter of time befor...
SaaS in the Real World: How Global Food Chains Can Secure Their Digital Dish
The Quick Serve Restaurant (QSR) industry is built on consistency and shared resources. National chains like McDonald's and regional ones like Cracker Barrel grow faster by reusing the same business model, decor, and menu, with little change from one location to the next. QSR technology stacks mirr...
Supply Chain Attack: Abandoned S3 Buckets Used for Malicious Payloads
By Deeba Ahmed Threat actors have been taking over abandoned S3 buckets to launch malicious binaries, steal login credentials and more. This is a post from HackRead.com Read the original post: Supply Chain Attack: Abandoned S3 Buckets Used for Malicious Payloads...
Baby monitor safety: What you need to know
Do you have an impending new arrival in your family of the small and very noisy variety? If so, you're probably going to invest in a baby monitor for peace of mind both at night and during the day. But do you know what kind of monitor you're going to buy? Will it be audio only, or have images? Will...
VPN for Privacy: Shielding Your Online Activities from Prying Eyes
By Waqas Protect your online privacy with trustworthy VPNs. Shield your sensitive data from prying eyes and browse the internet… This is a post from HackRead.com Read the original post: VPN for Privacy: Shielding Your Online Activities from Prying Eyes...
PT-2023-25303 · WordPress · Backup Manager
Name of the Vulnerable Software and Affected Versions: WP Backup Manager plugin versions prior to 1.13.1 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing...
CVE-2023-35811
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use...
In Healthcare Organizations, Data Security Risks Persist Despite HIPAA Compliance
In a recent blog post, we discussed the extraordinarily powerful "perfect storm" of cyber risk faced by healthcare organizations today. This storm is escalating in size, force, and risk levels. The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting this dat...
Expanding horizons—Microsoft Security’s continued commitment to multicloud
Multicloud strategies have become the new norm for most enterprises, with more than 90 percent of organizations adopting multiple cloud infrastructures, platforms, and services to run their businesses.1 However, a lack of visibility into their digital infrastructure exposes them to significant...