France demands Apple pull iPhone 12 due to high RF radiation levels
The Agence Nationale des Fréquences (ANFR) has asked Apple to withdraw iPhone 12 smartphones from the French market because the...
Month: September 2023
Rollbar discloses data breach after hackers stole access tokens
Software bug-tracking company Rollbar disclosed a data breach after unknown attackers hacked its systems in early August and gained access...
How end-user phishing training works (and why it doesn’t)
It always takes two for a phishing attack to work – an attacker to send the bait and an insider...
CISA Publishes Plan to Enhance Open Source Security
A leading US security agency has released a long-awaited plan detailing how it will enhance open source security for both...
UK ICO and NCSC Set to Share Anonymized Threat Intelligence
The UK’s data protection regulator and its leading security agency have signed an agreement to cooperate more closely on cyber...
Microsoft Fixes Two Zero-Day Bugs Used in Attacks
Microsoft patched two zero-day vulnerabilities being actively exploited in the wild as part of its September Patch Tuesday yesterday.The first...
MGM Criticized for Repeated Security Failures
As the dust settles for MGM and systems are restored following a suspected cyber-attack, cybersecurity experts are now scrutinizing the...
US-CERT Vulnerability Summary for the Week of September 4, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocanonical_ltd. -- snapd_for_linuxUsing the TIOCLINUX ioctl request, a malicious snap could inject...
KaliPackergeManager – Kali Packerge Manager
kalipm.sh is a powerful package management tool for Kali Linux that provides a user-friendly menu-based interface to simplify the installation...
HackerOne Bug Bounty Disclosure: b-multiple-cross-site-scripting-xss-vulnerabilities-in-revive-adserver-b-l-stb-t
Company Name: b'Revive Adserver' Company HackerOne URL: https://hackerone.com/revive_adserver Submitted By:b'l4stb1t'Link to Submitters Profile:https://hackerone.com/b'l4stb1t' Report Title:b'Multiple cross-site scripting (XSS) vulnerabilities in...
HackerOne Bug Bounty Disclosure: b-cve-http-header-allocation-dos-b-selmelc
Company Name: b'curl' Company HackerOne URL: https://hackerone.com/curl Submitted By:b'selmelc'Link to Submitters Profile:https://hackerone.com/b'selmelc' Report Title:b'CVE-2023-38039: HTTP header allocation DOS'Report Link:https://hackerone.com/reports/2072338Date Submitted:13...
HackerOne Bug Bounty Disclosure: b-request-english-versions-of-web-pages-for-enhanced-privacy-keeps-previous-grayed-out-settings-b-andreien
Company Name: b'Tor' Company HackerOne URL: https://hackerone.com/torproject Submitted By:b'andreien'Link to Submitters Profile:https://hackerone.com/b'andreien' Report Title:b"'Request English versions of web pages for...
HackerOne Bug Bounty Disclosure: b-information-disclosure-pvt-gitlab-issue-disclosing-through-gitlab-unfiltered-youtube-channel-b-mrrajputhacker
Company Name: b'GitLab' Company HackerOne URL: https://hackerone.com/gitlab Submitted By:b'mrrajputhacker2'Link to Submitters Profile:https://hackerone.com/b'mrrajputhacker2' Report Title:b'Information Disclosure - Pvt Gitlab Issue Disclosing...
HackerOne Bug Bounty Disclosure: b-idor-authorization-bypass-in-lockreport-mutation-for-public-reports-b-verw-tch
Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'0verw4tch'Link to Submitters Profile:https://hackerone.com/b'0verw4tch' Report Title:b'IDOR: Authorization Bypass in LockReport Mutation for...
Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service
More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics...
Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints
Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on...
Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family
A new ransomware family called 3AM has emerged in the wild after it was detected in a single incident in...
How Cyberattacks Are Transforming Warfare
There is a new battlefield. It is global and challenging to defend. What began with a high-profile incident back in...
Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws
Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been...
Webinar: Identity Threat Detection & Response (ITDR) – Rips in Your Identity Fabric
In today's digital age, SaaS applications have become the backbone of modern businesses. They streamline operations, enhance productivity, and foster...
Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages
Microsoft is warning of a new phishing campaign undertaken by an initial access broker that involves using Teams messages as...
Apple macOS Monterey information disclosure | CVE-2023-40440
NAME__________Apple macOS Monterey information disclosurePlatforms Affected:Apple macOS Monterey 12.6.7Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple macOS Monterey could allow a remote attacker to...
Simple Download Counter plugin for WordPress cross-site scripting | CVE-2023-4838
NAME__________Simple Download Counter plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Simple Download Counter Plugin for WordPress 1.6Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Simple Download...
Cockpit CMS file upload | CVE-2023-41564
NAME__________Cockpit CMS file uploadPlatforms Affected:Cockpit-HQ Cockpit 2.6.3Risk Level:5.3Exploitability:UnprovenConsequences:File Manipulation DESCRIPTION__________Cockpit CMS could allow a remote attacker to upload arbitrary files,...
