USN-6116-1: hawk vulnerability

Read Time:12 Second

It was discovered that hawk incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.

Read More

Upskilling the non-technical: finding cyber certification and training for internal hires

Read Time:44 Second

Finding qualified staff to replace vacancies or build out an expanding team can be a nightmare for already overburdened CISOs, especially given there’s a pernicious and ongoing shortage of skilled cybersecurity workers in the job market. One creative alternative to frustratedly trolling job-search sites is to look inward, rather than outward — to find capable, smart people already working at a company in other areas and train them to fill roles on the cyber team.

There are many benefits to upskilling over hiring anew: current employees don’t need to adjust to the corporate culture, they have institutional memory, they have relationships within the company, and they’re already in the human resources channel. The downside is their lack of training and certification — but that’s a small price to pay for gaining a talented team member.

To read this article in full, please click here

Read More

Printerlogic multiple vulnerabilities

Read Time:15 Second

Posted by Eldar Marcussen on May 29

PrinterLogic SaaS, multiple vulnerabilities
===========================================================
PrinterLogic’s Enterprise Print Management software allows IT
professionals to simplify printer driver management and empower end
users.
https://www.printerlogic.com/

Background
———————————-
The following findings were identified by performing both dynamic
testing of the PrinterLogic SaaS platform and code…

Read More

SEC Consult SA-20230517-0 :: Stored XSS vulnerability in rename functionality in Wekan (Open-Source kanban)

Read Time:17 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 29

SEC Consult Vulnerability Lab Security Advisory < 20230517-0 >
=======================================================================
title: Stored XSS vulnerability in rename functionality
product: Wekan (Open-Source kanban)
vulnerable version: <=6.74
fixed version: 6.75 or higher
CVE number: CVE-2023-28485
impact: Medium
homepage: https://wekan.github.io

Read More

SEC Consult SA-20230516-0 :: Multiple Vulnerabilities in Serenity and StartSharp Software

Read Time:17 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 29

SEC Consult Vulnerability Lab Security Advisory < 20230516-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Serenity and StartSharp Software
vulnerable version: < 6.7.1
fixed version: 6.7.1 or higher
CVE number: CVE-2023-31285, CVE-2023-31286, CVE-2023-31287
impact: high
homepage:…

Read More

APPLE-SA-2023-05-18-2 iOS 15.7.6 and iPadOS 15.7.6

Read Time:26 Second

Posted by Apple Product Security via Fulldisclosure on May 29

APPLE-SA-2023-05-18-2 iOS 15.7.6 and iPadOS 15.7.6

iOS 15.7.6 and iPadOS 15.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213765.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st…

Read More