It was discovered that hawk incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file,
a remote attacker could possibly use this issue to cause a denial of service.
Daily Archives: May 30, 2023
Upskilling the non-technical: finding cyber certification and training for internal hires
Finding qualified staff to replace vacancies or build out an expanding team can be a nightmare for already overburdened CISOs, especially given there’s a pernicious and ongoing shortage of skilled cybersecurity workers in the job market. One creative alternative to frustratedly trolling job-search sites is to look inward, rather than outward — to find capable, smart people already working at a company in other areas and train them to fill roles on the cyber team.
There are many benefits to upskilling over hiring anew: current employees don’t need to adjust to the corporate culture, they have institutional memory, they have relationships within the company, and they’re already in the human resources channel. The downside is their lack of training and certification — but that’s a small price to pay for gaining a talented team member.
Retailer Database Error Leaks Over One Million Customer Records
USN-6114-1: nth-check vulnerability
Yeting Li discovered that nth-check incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service.
Nine Million MCNA Dental Customers Hit by Breach
USN-6113-1: Jhead vulnerability
It was discovered that Jhead did not properly handle certain crafted images
while processing the Exif markers. An attacker could possibly use this
issue to crash Jhead, resulting in a denial of service.
Printerlogic multiple vulnerabilities
Posted by Eldar Marcussen on May 29
PrinterLogic SaaS, multiple vulnerabilities
===========================================================
PrinterLogic’s Enterprise Print Management software allows IT
professionals to simplify printer driver management and empower end
users.
— https://www.printerlogic.com/
Background
———————————-
The following findings were identified by performing both dynamic
testing of the PrinterLogic SaaS platform and code…
SEC Consult SA-20230517-0 :: Stored XSS vulnerability in rename functionality in Wekan (Open-Source kanban)
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 29
SEC Consult Vulnerability Lab Security Advisory < 20230517-0 >
=======================================================================
title: Stored XSS vulnerability in rename functionality
product: Wekan (Open-Source kanban)
vulnerable version: <=6.74
fixed version: 6.75 or higher
CVE number: CVE-2023-28485
impact: Medium
homepage: https://wekan.github.io…
SEC Consult SA-20230516-0 :: Multiple Vulnerabilities in Serenity and StartSharp Software
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 29
SEC Consult Vulnerability Lab Security Advisory < 20230516-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Serenity and StartSharp Software
vulnerable version: < 6.7.1
fixed version: 6.7.1 or higher
CVE number: CVE-2023-31285, CVE-2023-31286, CVE-2023-31287
impact: high
homepage:…
APPLE-SA-2023-05-18-2 iOS 15.7.6 and iPadOS 15.7.6
Posted by Apple Product Security via Fulldisclosure on May 29
APPLE-SA-2023-05-18-2 iOS 15.7.6 and iPadOS 15.7.6
iOS 15.7.6 and iPadOS 15.7.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213765.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Accessibility
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st…