SEC filings reveal multimillion-dollar costs of two serious 2023 cyber-attacks on Clorox and Johnson Controls
Daily Archives: February 5, 2024
UK Court Backlog Blocks Attempts to Fight Fraud Epidemic
KPMG research finds a similar number of high-value UK fraud cases heard in 2023 to previous year
ZDI-24-085: (Pwn2Own) TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-1179.
ZDI-24-086: TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2024-1180.
DSA-5616-1 ruby-sanitize – security update
It was discovered that ruby-sanitize, a whitelist-based HTML sanitizer, insufficiently sanitised