Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Thought GDPR Compliance Was Hard? Buckle Up

Guy Tytunovich, founder and CEO of CHEQ, says the days of a one-size-fits-all consent strategy are gone. Consider a two-pronged approach and use smart consent management technology to adapt to differing regulations.

DARKReading
#web#amazon#intel#auth
CVE-2023-6218: MOVEit Secure Managed File Transfer Software | Progress

In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified.  It is possible for a group administrator to elevate a group members permissions to the role of an organization administrator.

Why Ransomware Could Surge in the Middle East & Africa

Organizations from the Middle East and Africa have typically escaped public ransoms, but that's changing amid heightened geopolitical conflicts and digitalization initiatives.

Ringleader of Prolific Ransomware Gang Arrested in Ukraine

In a rare instance of an overseas arrest of ransomware perpetrators, four other high-profile gang members were also seized.

Okta Breach Impacted All Customer Support Users—Not 1 Percent

Okta upped its original estimate of customer support users affected by a recent breach from 1 percent to 100 percent, citing a “discrepancy.”

Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that it's responding to a cyber attack that involved the active exploitation of Unitronics programmable logic controllers (PLCs) to target the Municipal Water Authority of Aliquippa in western Pennsylvania. The attack has been attributed to an Iranian-backed hacktivist collective known as Cyber Av3ngers. "Cyber threat

WordPress Royal Elementor Addons And Templates Remote Shell Upload

WordPress Royal Elementor Addons and Templates plugin versions prior to 1.3.79 suffer from a remote shell upload vulnerability.

Red Hat Security Advisory 2023-7540-01

Red Hat Security Advisory 2023-7540-01 - An update for curl is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

CVE-2023-6378: News

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

CVE-2023-6070

A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn't parse for invalid data