Encrypted comms platform was used by organized criminals
Monthly Archives: June 2023
Experts Unconvinced by Upskill in UK Cyber Program
Its 3600 applicants will barely make a dent in overall skills shortages
USN-6189-1: etcd vulnerability
It was discovered that etcd leaked credentials when debugging was enabled. This allowed remote attackers to discover etcd authentication credentials and possibly escalate privileges on systems using etcd.
DSA-5440 chromium – security update
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
CVE-2020-18414
A stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 allows attackers to execute arbitrary code via /index.php?admin-master-webset.
CVE-2020-18409
A Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html.
CVE-2020-18404
An issue was discovered in espcms version P8.18101601. There is a cross site scripting (XSS) vulnerability that allows arbitrary code to be executed via the title parameter.
Typing Incriminating Evidence in the Memo Field
Don’t do it:
Recently, the manager of the Harvard Med School morgue was accused of stealing and selling human body parts. Cedric Lodge and his wife Denise were among a half-dozen people arrested for some pretty grotesque crimes. This part is also at least a little bit funny though:
Over a three-year period, Taylor appeared to pay Denise Lodge more than $37,000 for human remains. One payment, for $1,000 included the memo “head number 7.” Another, for $200, read “braiiiiiins.”
It’s so easy to think that you won’t get caught.
CVE-2020-19902
A directory traversal vulnerability in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter.
CVE-2020-18416
A cross site request forgery (CSRF) vulnerability was discovered in Jymusic v2.0.0 that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information.