Trend Micro said the motives of Void Rabisu seem to have changed since at least October 2022
Daily Archives: June 1, 2023
Potential Backdoor in Gigabyte PCs Exposes Supply Chain Risks
Eclypsium is working closely with Gigabyte to rectify insecure implementation of its app center
USN-6128-2: CUPS vulnerability
USN-6128-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that CUPS incorrectly handled logging. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.
USN-6129-1: Avahi vulnerability
It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service.
ISACA pledges to help grow cybersecurity workforce in Europe
Global professional association ISACA has announced a pledge to the European Commission to grow and empower the cybersecurity workforce in Europe. The pledge will see ISACA provide 20,000 free memberships to students across Europe to acquire crucial cybersecurity skills and support the identification of qualified cybersecurity candidates for organizations, supporting the European Union’s (EU) cybersecurity agenda, it said. Closing the cybersecurity workforce gap and promoting diversity within the field will be key focus areas, helping the development of a high-quality cybersecurity workforce that instils confidence among employers, according to ISACA.
[RT-SA-2022-004] STARFACE: Authentication with Password Hash Possible
Posted by RedTeam Pentesting GmbH on Jun 01
Advisory: STARFACE: Authentication with Password Hash Possible
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application’s database generally has become best practice to protect users’ passwords in case of a database compromise, this…
CVE-2015-10109
A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.137 is able to address this issue. The name of the patch is ee28e91f4d5404905204c43b7b84a8ffecad932e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230264.
CVE-2014-125104
A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. The attack can be launched remotely. Upgrading to version 1.6.1 is able to address this issue. The name of the patch is e3b92b14edca6291c5f998d54c90cbe98a1fb0e3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230263.
BigID wants to let you tweak your data classifications manually
BigID is adding a feature that lets end users of its data intelligence platform manually adjust classification models, in an effort to make those more precise without the need for advanced coding knowledge.
The company announced today that the new feature, called classifier tuning, would allow users to adjust machine learning models in real time, leading to improved accuracy in the classification of machine-discovered data.
BigID said that the idea is to help businesses, which face increasingly complex data landscapes in their day-to-day operations, keep their information organized and protected. Across cloud, hybrid and local environments, and any number of different applications, organizations may have duplicated data sets in more places than they know, making close scrutiny important from both a privacy and an efficiency perspective.
USN-6128-1: CUPS vulnerability
It was discovered that CUPS incorrectly handled logging. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.