Five Eyes Warn Deep Tech Start-Ups Against Nation-State Threats
The UK National Cyber Security Agency (NCSC) and National Protective Security Authority (NPSA), a new subdivision of domestic intelligence agency...
Month: October 2023
Google Play Protect Bolsters Security Against Malicious Apps
Google has bolstered the security of Android devices with a significant update to Google Play Protect. According to the tech...
Global Economy Could Lose $3.5trn in Systemic Cyber-Attack
Insurance giant Lloyd’s of London has published a systemic risk scenario of a cyber-attack resulting in global economic losses of...
ISACA CEO Hails Europe as a Lighthouse of Capability
ISACA, a global association of information systems auditors and control professionals, is rapidly growing in Europe, and at a faster...
AI Adoption Surges But Security Awareness Lags Behind
A new ExtraHop survey involving over 1200 global security and IT leaders has provided fresh insights into the adoption and...
US-CERT Vulnerability Summary for the Week of October 9, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info3ds -- teamwork_cloud_no_magic_releaseA Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from...
HackerOne Bug Bounty Disclosure: b-hackers-two-email-disclosed-on-submission-at-hackerone-hactivity-b-rynexx
Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'rynexx'Link to Submitters Profile:https://hackerone.com/b'rynexx' Report Title:b'Hackers two email disclosed on submission at...
HackerOne Bug Bounty Disclosure: b-html-injection-at-company-name-or-product-name-and-can-be-shown-on-contact-sales-form-b-domg
Company Name: b'LinkedIn' Company HackerOne URL: https://hackerone.com/linkedin Submitted By:b'domg'Link to Submitters Profile:https://hackerone.com/b'domg' Report Title:b'HTML injection at Company Name or Product...
LockBit 3.0 Ransomware Victim: kasperekusaoptical[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
OpenTelemetry OpenTelemetry-Go Contrib denial of service | CVE-2023-45142
NAME__________OpenTelemetry OpenTelemetry-Go Contrib denial of servicePlatforms Affected:OpenTelemetry OpenTelemetry-Go Contrib 0.43.0Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________OpenTelemetry OpenTelemetry-Go Contrib is vulnerable to a...
Extreme Networks Switch Engine (EXOS) directory traversal | CVE-2023-43121
NAME__________Extreme Networks Switch Engine (EXOS) directory traversalPlatforms Affected:Extreme Networks Switch Engine (EXOS) 32.5.1.4 Extreme Networks Switch Engine (EXOS) 31.7.1Risk Level:5.3Exploitability:UnprovenConsequences:Obtain...
HP displays security bypass | CVE-2023-5449
NAME__________HP displays security bypassPlatforms Affected:HP E22 G4 FHD Monitor 1.0.3.0 HP EliteDisplay E273m 27-inch Monitor LIM181Risk Level:4Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________HP displays...
Grafana privilege escalation | CVE-2023-4822
NAME__________Grafana privilege escalationPlatforms Affected:Grafana GrafanaRisk Level:6.7Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Grafana could allow a remote authenticated attacker to gain elevated privileges on the...
Node.js security bypass | CVE-2023-39331
NAME__________Node.js security bypassPlatforms Affected:Node.js Node.js 20.0Risk Level:7.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Node.js could allow a remote attacker to bypass security restrictions, caused by...
Node.js security bypass | CVE-2023-39332
NAME__________Node.js security bypassPlatforms Affected:Node.js Node.js 20.0Risk Level:7.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Node.js could allow a remote attacker to bypass security restrictions, caused by...
Devolutions Server information disclosure | CVE-2023-5240
NAME__________Devolutions Server information disclosurePlatforms Affected:Devolutions Devolutions Server 2021.1.17 Devolutions Devolutions Server 2023.1.8Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Devolutions Server could allow a remote...
Extreme Networks Switch Engine (EXOS) cross-site request forgery | CVE-2023-43118
NAME__________Extreme Networks Switch Engine (EXOS) cross-site request forgeryPlatforms Affected:Extreme Networks Switch Engine (EXOS) 32.5.1.4 Extreme Networks Switch Engine (EXOS) 31.7.1Risk...
Node.js security bypass | CVE-2023-38552
NAME__________Node.js security bypassPlatforms Affected:Node.js Node.js 20.0Risk Level:5.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Node.js could allow a remote attacker to bypass security restrictions, caused by...
QNAP QTS, QuTS hero, and QuTScloud buffer overflow | CVE-2023-32973
NAME__________QNAP QTS, QuTS hero, and QuTScloud buffer overflowPlatforms Affected:QNAP QTS 4.5.0 QNAP QTS 5.0.0 QNAP QuTS Hero h5.0.0 QNAP QuTS...
South River Technologies Titan MFT and Titan SFTP information disclosure | CVE-2023-45690
NAME__________South River Technologies Titan MFT and Titan SFTP information disclosurePlatforms Affected:South River Technologies Titan SFTP 2.0.17.2298 South River Technologies Titan...
Defender Security Plugin for WordPress security bypass | CVE-2023-5089
NAME__________Defender Security Plugin for WordPress security bypassPlatforms Affected:WordPress Defender Security Plugin for WordPress 4.1.0Risk Level:5.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Defender Security Plugin for...
QNAP QTS, QuTS hero, and QuTScloud denial of service | CVE-2023-32970
NAME__________QNAP QTS, QuTS hero, and QuTScloud denial of servicePlatforms Affected:QNAP QTS 4.5.0 QNAP QTS 5.0.0 QNAP QuTS Hero h5.0.0 QNAP...
South River Technologies Titan MFT and Titan SFTP directory traversal | CVE-2023-45688
NAME__________South River Technologies Titan MFT and Titan SFTP directory traversalPlatforms Affected:South River Technologies Titan SFTP 2.0.17.2298 South River Technologies Titan...
Node.js unauthorized access | CVE-2023-39333
NAME__________Node.js unauthorized accessPlatforms Affected:Node.js Node.js 18.0 Node.js Node.js 20.0Risk Level:5.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Node.js could allow a remote attacker to gain unauthorized...
