Tag

#git

Microsoft Does Damage Control With Its New 'Secure Future Initiative'

Following a string of serious security incidents, Microsoft says it has a plan to deal with escalating threats from cybercriminals and state-backed hackers.

Wired
#vulnerability #windows #apple #google #microsoft #git #intel #auth
CVE-2023-42802: Release 10.0.10 · glpi-project/glpi

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PHP files can then be executed through a web server request. Version 10.0.10 fixes this issue. As a workaround, remove write access on `/ajax` and `/front` files to the web server.

CVE-2023-46475: GitHub - easysoft/zentaopms: Zentao is an agile(scrum) project management system/tool, Free Upgrade Forever!

A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.

CVE-2023-46475: CVE-Disclosures/ZentaoPMS/CVE-2023-46475/CVE-2023-46475 - Cross-Site Scripting (Stored).md at main · elementalSec/CVE-Disclosures

A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.

India Blockchain Week (IBW) Unveils Diverse Speaker Line-up

By Owais Sultan. India Blockchain Week (IBW), the country’s flagship series of blockchain and Web3 events held in Bangalore from Dec. 4-10, is… This is a post from HackRead.com.

Mitsubishi Electric MELSEC iQ-F Series CPU Module

1. EXECUTIVE SUMMARY

CVSS v3 5.3
ATTENTION: Exploitable remotely/low attack complexity
Equipment: MELSEC iQ-F Series
Vulnerability: Improper Restriction of Excessive Authentication Attempts

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow a remote attacker to prevent legitimate users from logging into the web server function for a certain period, resulting in a denial-of-service condition. The impact of this vulnerability will persist while the attacker continues to attempt the attack.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Mitsubishi Electric MELSEC iQ-F Series products are affected (Products with * are sold in limited regions):

FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS (Serial number 17X**** and later): All versions
FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS (Serial number 179**** and prior): Versions 1.060 or later
FX5UC-xMy/z x=32,64,96, y=T, z=D,DSS (Serial number 17X**** and later): All versions
FX5UC-xMy/z x=32,64,96...

The UN Hired an AI Company to Untangle the Israeli-Palestinian Crisis

CulturePulse's AI model promises to create a realistic virtual simulation of every Israeli and Palestinian citizen. But don't roll your eyes: It's already been put to the test in other conflict zones.

Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign

The Iranian nation-state actor known as MuddyWater has been linked to a new spear-phishing campaign targeting two Israeli entities to ultimately deploy a legitimate remote administration tool from N-able called Advanced Monitoring Agent. Cybersecurity firm Deep Instinct, which disclosed details of the attacks, said the campaign "exhibits updated TTPs to previously reported MuddyWater activity,"

What Gen Z really cares about when it comes to privacy

It would be easy to think that Gen Z doesn’t care about privacy. It's not that, though; they just care about privacy in a different way than older generations.

GHSA-w9cp-3x79-2p8p: transmute-core unsafe YAML deserialization vulnerability

Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.