
Tag

#auth

CVE-2023-42006: Security Bulletin: IBM Administration Runtime Expert for i is vulnerable to an attacker obtaining sensitive information due to CVE-2023-42006

IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266.

Google to Delete Inactive Gmail Accounts From Today: What You Need to Know

By Deeba Ahmed. Google will delete free Google accounts that have not been signed into for two years and do not have any active subscriptions. This is a post from HackRead.com.

Saudi Companies Outsource Cybersecurity Amid 'Serious' Incidents

Saudi companies are seeking extra help in droves, because of a lack of tools and personnel.

The US Needs to Follow Germany's Attack-Detection Mandate

A more proactive approach to fighting cyberattacks for US companies and agencies is shaping up under CISA's proposal to emphasize real-time attack detection and response.

Kopage Website Builder 4.4.15 Cross Site Scripting

Kopage Website Builder version 4.4.15 suffers from a persistent cross site scripting vulnerability.

WBCE CMS 1.6.1 Shell Upload

WBCE CMS version 1.6.1 suffers from a remote shell upload vulnerability.

CVE-2023-28896: CVE-2023-28896: Weak encoding for password in UDS services - Automotive Security Research Group

Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

Simple Hacking Technique Can Extract ChatGPT Training Data

Apparently all it takes to get a chatbot to start spilling its secrets is prompting it to repeat certain words like "poem" forever.

CVE-2023-6449: Contact Form 7 <= 5.8.3 - Authenticated (Editor+) Arbitrary File Upload — Wordfence Intelligence

The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function in versions up to, and including, 5.8.3. This makes it possible for authenticated attackers with editor-level capabilities or above to upload arbitrary files on the affected site's server, but due to the htaccess configuration, remote code cannot be executed in most cases. By default, the file will be deleted from the server immediately. However, in some cases, other plugins may make it possible for the file to live on the server longer. This can make remote code execution possible when combined with another vulnerability, such as local file inclusion.

Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats

The U.S. Department of Justice (DOJ) and the FBI recently collaborated in a multinational operation to dismantle the notorious Qakbot malware and botnet. While the operation was successful in disrupting this long-running threat, concerns have arisen as it appears that Qakbot may still pose a danger in a reduced form. This article discusses the aftermath of the takedown, provides mitigation