This Week in Spring - August 15th, 2023

SpringOne, the first in-person SpringOne since the pandemic! - is next week!! I'm so excited I could spit. And I did spit. And then, I asked ChatGPT for some help writing a poem, and it did not disappoint! T'was a week before SpringOne, in Las Vegas so grand, Where devs from all corners would soo...

CVE-2023-23577

Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for IntelR NUC may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-23577

Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for IntelR NUC may allow an authenticated user to potentially enable escalation of privilege via local access...

Privilege escalation

Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for IntelR NUC may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-23577

CVE-2023-23577 affects ITE Tech consumer infrared drivers for Intel NUC, with an uncontrolled search path element in versions before 5.5.2.1 that may let an authenticated local user escalate privileges. Intel’s advisory INTEL-SA-00829 confirms the issue and recommends updating to driver version 5...

CVE-2023-23577

Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for IntelR NUC may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-23577

Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for IntelR NUC may allow an authenticated user to potentially enable escalation of privilege via local access...

PT-2023-19056 · Ite Tech · Ite Tech Consumer Infrared Driver

Name of the Vulnerable Software and Affected Versions: ITE Tech consumer infrared drivers versions prior to 5.5.2.1 for IntelR NUC Description: The issue is related to an uncontrolled search path element in some ITE Tech consumer infrared drivers for IntelR NUC, which may allow an authenticated...

Intel® NUC CID Advisory

Summary: A potential security vulnerability in some ITE Tech consumer infrared drivers CID for some Intel® NUCs may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-23577 Description: Uncontrolled...

n00b’s guide to DEF CON. Surviving the Matrix of the underground

Ah, DEF CON. The worlds largest hacker convention. A beacon for the diverse spectrum of cyber security enthusiasts. From code-cracking challenges to the infamous Wall of Sheep, the event is a hive of activities and opportunities. But before we dive into the world of hackerdom, lets get one thing...

CVE-2023-38419

An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

Tech Consolidation – How and When?

Streamlining IT for business optimal business performance...

Why It’s Important to Make Tech More Accessible

...

Malwarebytes Browser Guard introduces three new features

Malwarebytes Browser Guard is our free browser extension for Chrome, Edge, Firefox, and Safari that blocks unwanted and unsafe content, giving users a safer and faster browsing experience. It's the worlds first browser extension to do this while also identifying and stopping tech support scams. A...

Function collision between extension functions and account functions

Lines of code Vulnerability details Impact Users or owner can't use extensions because of collision between extension functions and account functions Proof of Concept Whenever someone calls account it will check for functions inside it, if there isn't function it goes to fallback to check...

The AI Dividend

For four decades, Alaskans have opened their mailboxes to find checks waiting for them, their cut of the black gold beneath their feet. This is Alaskas Permanent Fund, funded by the states oil revenues and paid to every Alaskan each year. Were now in a different sort of resource rush, with...

se-unsa.org Cross Site Scripting vulnerability OBB-3478514

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

This Week in Spring - July 4th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week I am in sweltering, but lovely, Singapore, where I'm meeting with customers and just finished presenting at the SpringOne Tour Singapore stop. If you're in Singapore, I hope you'll join me tonight for Bootiful Sprin...

Four Signs You Need to Consolidate Your Tech Stack

Recently, Gartner surveyed security professionals and found that over 50% of the respondents were looking to consolidate their security tech stack. Why? These professionals recognized that security vendor consolidation is key to achieving their goals of improving productivity, visibility, and...

Inclusion in Tech: Discover Diverse Career Paths for Women in Tech

Hema Patel discusses inclusive career paths, cancel culture in the workplace, and defying the traditional education limitations for women in tech...