Read Time:3 Second
Regulator alleged Microsoft knowingly collected personal information from children
Monthly Archives: June 2023
CVE-2022-41327
Read Time:20 Second
A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.
CVE-2022-39946
Read Time:18 Second
An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.
CVE-2022-33877
Read Time:21 Second
An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder.
Artificial intelligence is coming to Windows: Are your security policy settings ready?
Read Time:40 Second
What’s in your Windows security policy? Do you review your settings on an annual basis or more often? Do you provide education and training regarding the topics in the policy? Does it get revised when the impact of an incident showcases that an internal policy violation led to the root cause of the issue? And, importantly, do you have a security policy that includes your firm’s overall policies around the increasing race towards artificial intelligence, which is seemingly in nearly every application released these days?
From word processing documents to the upcoming Windows 11, which will include AI prompting in the Explorer platform, organizations should review how they want their employees to treat customer data or other confidential information when using AI platforms.
Ofcom Latest MOVEit Victim as Exploit Code Released
Historic Zacks Breach Impacts Nearly Nine Million
US charges two men with Mt. Gox heist, the world’s largest cryptocurrency hack
Read Time:15 Second
More than ten years after the hack of the now-defunct Mt. Gox cryptocurrency exchange, the US Department of Justice says it has identified and charged two men it alleges stole customers’ funds and the exchange’s private keys.
Read more in my article on the Tripwire State of Security blog.
USN-6143-2: Firefox regressions
Read Time:36 Second
USN-6143-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-34414,
CVE-2023-34416, CVE-2023-34417)
Jun Kokatsu discovered that Firefox did not properly validate site-isolated
process for a document loaded from a data: URL that was the result of a
redirect, leading to an open redirect attack. An attacker could possibly
use this issue to perform phishing attacks. (CVE-2023-34415)
DSA-5424 php7.4 – security update
Read Time:9 Second
It was discovered that PHP’s implementation of SOAP HTTP Digest
authentication performed insufficient error validation, which may result
in a stack information leak or use of weak randomness.