APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries
Introduction# In today's interconnected digital ecosystem, Application Programming Interfaces (APIs) play a pivotal role in enabling seamless communication and data...
Month: October 2023
Researcher Reveals New Techniques to Bypass Cloudflare’s Firewall and DDoS Protection
Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls,...
API Security Trends 2023 – Have Organizations Improved their Security Posture?
APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data...
Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch
Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could...
Protecting your IT infrastructure with Security Configuration Assessment (SCA)
Security Configuration Assessment (SCA) is critical to an organization's cybersecurity strategy. SCA aims to discover vulnerabilities and misconfigurations that malicious...
Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation
Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have...
Over 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers
Nearly three dozen counterfeit packages have been discovered in the npm package repository that are designed to exfiltrate sensitive data...
CISA: NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors
NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors Today, the U.S. National Security Agency (NSA), Federal...
CISA: Cisco Releases Security Advisories for Multiple Products
Cisco Releases Security Advisories for Multiple Products Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote...
CISA: CISA Releases Six Industrial Control Systems Advisories
CISA Releases Six Industrial Control Systems Advisories CISA released six Industrial Control Systems (ICS) advisories on September 26, 2023. These...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: Mozilla Releases Security Advisories for Thunderbird and Firefox
Mozilla Releases Security Advisories for Thunderbird and Firefox Mozilla has released security updates to address vulnerabilities for Thunderbird 115.3, Firefox...
CISA: CISA Releases Three Industrial Control Systems Advisories
CISA Releases Three Industrial Control Systems Advisories CISA released three Industrial Control Systems (ICS) advisories on September 28, 2023. These...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: Mozilla Releases Security Updates for Multiple Products
Mozilla Releases Security Updates for Multiple Products Mozilla has released security updates to address a vulnerability affecting Firefox, Firefox ESR,...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: Apple Releases Security Updates for Multiple Products
Apple Releases Security Updates for Multiple Products Apple has released security updates to address vulnerabilities in multiple products. A cyber...
US-CERT Vulnerability Summary for the Week of September 25, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaccusoft -- imagegearAn out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of...
Nodesub – Command-Line Tool For Finding Subdomains In Bug Bounty Programs
Nodesub is a command-line tool for finding subdomains in bug bounty programs. It supports various subdomain enumeration techniques and provides...
LockBit 3.0 Ransomware Victim: aicsacorp[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
HashiCorp Vault and Vault Enterprise security bypass | CVE-2023-5077
NAME__________HashiCorp Vault and Vault Enterprise security bypassPlatforms Affected:HashiCorp Vault 1.12.0 HashiCorp Vault Enterprise 1.12.0Risk Level:7.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________HashiCorp Vault and Vault...
Online Movie Ticket Booking System cross-site scripting | CVE-2023-44174
NAME__________Online Movie Ticket Booking System cross-site scriptingPlatforms Affected:Projectworlds Online Movie Ticket Booking System 1.0Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Online Movie Ticket Booking...
Dell Data Protection Central information disclosure | CVE-2023-4129
NAME__________Dell Data Protection Central information disclosurePlatforms Affected:Dell Data Protection Central 19.9Risk Level:5.9Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Dell Data Protection Central could allow a...
Dell EMC AppSync privilege escalation | CVE-2023-32458
NAME__________Dell EMC AppSync privilege escalationPlatforms Affected:Dell EMC AppSync 4.4.0.0 Dell EMC AppSync 4.6.0.0Risk Level:7.3Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Dell EMC AppSync could allow...
