Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

Italian Watchdog Bans OpenAI's ChatGPT Over Data Protection Concerns

The Italian data protection watchdog, Garante per la Protezione dei Dati Personali (aka Garante), has imposed a temporary ban of OpenAI's ChatGPT service in the country, citing data protection concerns. To that end, it has ordered the company to stop processing users' data with immediate effect, stating it intends to investigate the company over whether it's unlawfully processing such data in

The Hacker News
Open in Source
#web#google#microsoft#cisco#intel#perl#The Hacker News
Threat Advisory: 3CX Softphone Supply Chain Compromise

Cisco Talos is tracking and actively responding to a supply chain attack involving the 3CX Desktop Softphone application. This is a multi-stage attack that involves sideloading DLLs, seven-day sleep routines, and additional payloads dependent on a now-removed GitHub repository for Windows based systems. MacOS systems used a different infection chain

Vulnerability Spotlight: Vulnerability in ManageEngine OpManager could lead to XXE attack

XXE attacks allow an adversary to interact with other backend or external systems that OpManager accesses.

Threat Source newsletter (March 30, 2023) — It’s impossible to tell if your home security camera or doorbell is truly safe

Very few of us looking to buy these pieces of equipment are qualified to say if these products are even secure, and those among us who are are probably smart enough to know not to buy these products in the first place.

CVE-2022-43473: Security Updates - CVE-2022-43473 | ManageEngine OpManager

A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.

CVE-2023-22845: TALOS-2023-1708 || Cisco Talos Intelligence Group

An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2023-24473: TALOS-2023-1707 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2023-24472: TALOS-2023-1709 || Cisco Talos Intelligence Group

A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.

Vulnerability Spotlight: Specially crafted files could lead to denial of service, information disclosure in OpenImageIO parser

OpenImageIO is a library that converts, compares and processes various image files. Blender and AliceVision, two often used computer imaging services, utilize the library, among other software offerings.