Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Best Courier Management System 1.0 SQL Injection

Best Courier Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Packet Storm
Open in Source
#sql#vulnerability#windows#google#php#auth#firefox
Appointment Scheduler 4.0 Insecure Direct Object Reference

Appointment Scheduler version 4.0 suffers from an insecure direct object reference vulnerability.

GHSA-qv35-3gw6-8q4j: In regclient, pinned manifest digests may be ignored

### Impact A malicious registry could return a different digest for a pinned manifest without detection. ### Patches This has been fixed in the v0.7.1 release. ### Workarounds After running a `regclient.ManifestGet`, the returned digest can be compared to the requested digest.

Researchers Uncover Flaws in Windows Smart App Control and SmartScreen

Cybersecurity researchers have uncovered design weaknesses in Microsoft's Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings. Smart App Control (SAC) is a cloud-powered security feature introduced by Microsoft in Windows 11 to block malicious, untrusted, and potentially unwanted apps from being run

Ryan Pentney reflects on 10 years of Talos and his many roles from the Sourcefire days

Pentney and his team are threat hunters and researchers who contribute to Talos’ research and reports shared with government and private sector partners.

Enhancing Incident Response Readiness with Wazuh

Incident response is a structured approach to managing and addressing security breaches or cyber-attacks. Security teams must overcome challenges such as timely detection, comprehensive data collection, and coordinated actions to enhance readiness. Improving these areas ensures a swift and effective response, minimizing damage and restoring normal operations quickly. Challenges in incident

GHSA-62qf-qm3g-fvcw: Apache Airflow Providers FAB Insufficient Session Expiration vulnerability

Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB. This issue affects Apache Airflow Providers FAB: 1.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions. The FAB provider prevented the user from logging out.   * FAB provider 1.2.1 only affected Airflow 2.9.3 (earlier and later versions of Airflow are not affected) * FAB provider 1.2.0 affected all versions of Airflow. Users who run Apache Airflow 2.9.3 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2 which fixes the issue. Users who run Any Apache Airflow version and have FAB provider 1.2.0 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2 which fixes the issue. Also upgrading Apache Airflow to latest version available is recommended. Note: Early version of Airflow reference container images of Airflow 2.9.3 and constraint files contained FAB provider 1.2.1 version, but this is fixed in updated versions of the images.  Users...

A week in security (July 29 – August 4)

A list of topics we covered in the week of July 29 to August 4 of 2024

Microsoft Bounty Program Year in Review: $16.6M in Rewards 

We are excited to announce that this year the Microsoft Bounty Program has awarded $16.6M in bounty awards to 343 security researchers from 55 countries, securing Microsoft customers in partnership with the Microsoft Security Response Center (MSRC). Each year we identify over a thousand potential security issues together, safeguarding our customers from possible threats through the Microsoft Bounty Program.

GHSA-ffxg-5f8m-h72j: Rocket.Chat Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.