
Tag

#auth

Cybersecurity is a Team Sport

Enterprise security goes beyond tech leadership, and beyond the CISO's office. Achieving cybersecurity and resilience is a team effort, and requires building a culture of security awareness.

DARKReading
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs

Hundreds of consumer and enterprise-grade x86 and ARM models from various vendors, including Intel, Acer, and Lenovo, are potentially vulnerable to bootkits and takeover.

CVE-2023-38268: Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site request forgery (CVE-2023-38268)

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585.

GHSA-r8j9-5cj7-cv39: Reflected XSS Vulnerability in dpaste

### Impact

A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user's browser, potentially leading to unauthorized access, data theft, or other malicious activities.

### Patches

- A patch has been applied to the dpaste GitHub repository to address the specific content value injection vulnerability.
- Users are strongly advised to upgrade to dpaste release v3.8 or later versions, as dpaste versions older than v3.8 are susceptible to the identified security vulnerability.
- The patch can be viewed and applied from the following link: [dpaste Commit Patch](https://github.com/DarrenOfficial/dpaste/commit/44a666a79b3b29ed4f340600bfcf55113bfb7086.patch)

### Workarounds

At this time, the recommended course of action is to apply the provided patch to the affected systems. No known workarounds have been ident...

Japan's Space Program at Risk After Microsoft Active Directory Breach

The agency, known as JAXA, has shut down parts of its network as it conducts an investigation to discover the scope and impact of the breach.

Emirates CISOs Flag Rampant Cybersecurity Gaps

UAE security leaders warn that people, tech, and process gaps are exposing their organizations to cybercrime.

CVE-2023-42006: Security Bulletin: IBM Administration Runtime Expert for i is vulnerable to an attacker obtaining sensitive information due to CVE-2023-42006

IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266.

Google to Delete Inactive Gmail Accounts From Today: What You Need to Know

By Deeba Ahmed. Google will delete free Google accounts that have not been signed into for two years and do not have any active subscriptions. This is a post from HackRead.com.

Saudi Companies Outsource Cybersecurity Amid 'Serious' Incidents

Saudi companies are seeking extra help in droves, because of a lack of tools and personnel.

The US Needs to Follow Germany's Attack-Detection Mandate

A more proactive approach to fighting cyberattacks for US companies and agencies is shaping up under CISA's proposal to emphasize real-time attack detection and response.