Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-5548: Official Moodle git projects - moodle.git/search

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.

CVE
#git
CVE-2023-5544: Official Moodle git projects - moodle.git/search

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.

CVE-2023-5546: Official Moodle git projects - moodle.git/search

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.

CVE-2023-5542: Official Moodle git projects - moodle.git/search

Students in "Only see own membership" groups could see other students in the group, which should be hidden.

Opinion: The Pros and Cons of the UK’s New Digital Regulation Principles 

By Daily Contributors By Liz Smith, Digital Marketing Consultant for Elsewhen – Digital technologies have transformed how we live, work, and… This is a post from HackRead.com Read the original post: Opinion: The Pros and Cons of the UK’s New Digital Regulation Principles

A new video series, Google Forms spam and the various gray areas of cyber attacks

It can be easy to get caught up in the “big” questions in cybersecurity, like how to stop ransomware globally or keep hospitals up and running when they’re targeted by data theft extortion.

GHSA-3f38-96qm-r3fw: esptool allows attackers to view sensitive information via weak cryptographic algorithm

An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm.

Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability

The threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft. Lace Tempest, which is known for distributing the Cl0p ransomware, has in the past leveraged zero-day flaws in MOVEit Transfer and PaperCut servers. The issue, tracked as CVE-2023-47246, concerns a path traversal

Judge rules it’s fine for car makers to intercept your text messages

A judge has refused to bring back a class action lawsuit against four car manufacturers because the privacy violation did not meet the WPA standard.

CVE-2023-47110: Any value can be changed in the configuration table by an employee having access to block reassurance module

blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4.