** REJECT ** This candidate is unused by its CNA.
Monthly Archives: September 2023
USN-6373-1: gawk vulnerability
It was discovered that gawk could be made to read out of bounds when
processing certain inputs. If a user or an automated system were tricked
into opening a specially crafted input, an attacker could possibly use
this issue to cause a denial of service.
USN-6372-1: DBus vulnerability
It was discovered that DBus incorrectly handled certain
invalid messages. A local attacker could possibly use
this issue to cause DBus to crash, resulting in a denial
of service.
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak:
I’m speaking at swampUP 2023 in San Jose, California, on September 13, 2023 at 11:35 AM PT.
The list is maintained on this page.
CVE-2021-28485
Ericsson Mobile Switching Center Server (MSC-S) BC 18A and IS 3.1 releases before IS 3.1 CP22 allows Directory Traversal.
BLASTPASS: Government agencies told to secure iPhones against spyware attacks
CISA, the United States’s Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group.
Read more in my article on the Tripwire State of Security blog.
Greater Manchester Police latest force to suffer serious data breach
Uh-oh, yet another UK police force has suffered a serious data breach.
After the incidents involving Cumbria Police, Norfolk and Suffolk Police, and – perhaps worst of all – the PSNI in Northern Ireland, it’s now Greater Manchester Police finding itself in the hot seat.
USN-6371-1: libssh2 vulnerability
It was discovered that libssh2 incorrectly handled memory
access. An attacker could possibly use this issue to cause
a crash.
Manchester Police Officers’ Data Breached in Third-Party Attack
Officers working undercover or in sensitive roles like intelligence could be exposed
Automation is key to effective and efficient pentest reporting
Graham Cluley Security News is sponsored this week by the folks at PlexTrac. Thanks to the great team there for their support! Getting high-quality, actionable pentesting reports doesn’t have to take hours. In fact, automating your processes with PlexTrac enables building a report in as little as five minutes! Conquer time-consuming processes, reduce potential for …