Read Time:9 Second
Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing malicious code.
Monthly Archives: June 2023
Cybersixgill automates threat intelligence with IQ generative AI application
Read Time:30 Second
Cybersixgill’s new IQ cybersecurity threat intelligence application promises to offer quicker and more digestible intelligence on potential threats on the dark web, by leveraging generative AI to provide automated reporting and dissemination of information.
The idea is to simplify access to threat intelligence data, which ordinarily is done manually by analysts. According to the company’s announcement, Cybersixgill IQ, which is trained on the company’s own data sets, is able to “democratize” cybersecurity threat intelligence by taking raw intelligence and generating contextual summaries suitable for security teams.
USN-6166-1: libcap2 vulnerabilities
Read Time:21 Second
David Gstir discovered that libcap2 incorrectly handled certain return
codes. An attacker could possibly use this issue to cause libcap2 to
consume memory, leading to a denial of service. (CVE-2023-2602)
Richard Weinberger discovered that libcap2 incorrectly handled certain long
input strings. An attacker could use this issue to cause libcap2 to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2023-2603)
EU Passes Landmark Artificial Intelligence Act
Read Time:4 Second
The European Parliament adopted the latest draft of the legislation with an overwhelming majority
CIS Benchmarks Community Volunteer Spotlight: Daniel Jasiak
Read Time:8 Second
Daniel Jasiak has done a lot to support effective security controls for cyber defense as a volunteer of the CIS Benchmarks Community. Hear his story.
USN-6165-1: GLib vulnerabilities
Read Time:10 Second
It was discovered that GLib incorrectly handled non-normal GVariants. An
attacker could use this issue to cause GLib to crash, resulting in a denial
of service, or perform other unknown attacks.
USN-6164-1: c-ares vulnerabilities
Read Time:21 Second
Hannes Moesl discovered that c-ares incorrectly handled certain ipv6
addresses. An attacker could use this issue to cause c-ares to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2023-31130)
Xiang Li discovered that c-ares incorrectly handled certain UDP packets. A
remote attacker could possibly use this issue to cause c-res to crash,
resulting in a denial of service. (CVE-2023-32067)
USN-6163-1: pano13 vulnerabilities
Read Time:28 Second
It was discovered that pano13 did not properly validate the prefix provided
for PTcrop’s output. An attacker could use this issue to cause pano13 to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-20307)
It was discovered that pano13 did not properly handle certain crafted TIFF
images. An attacker could use this issue to cause pano13 to crash,
resulting in a denial of service. (CVE-2021-33293)
CIS Controls Community Volunteer Spotlight: Keala Asato
Read Time:8 Second
Keala Asato has done a lot to support effective security controls for cyber defense as a volunteer of the CIS Controls Community. Hear his story.
Researchers Uncover XSS Vulnerabilities in Azure Services
Read Time:4 Second
They could allow unauthorized access to sessions within the compromised Azure service iframe