CyberJunkie walks us through a new detection technique he uncovered using Windows SmartScreen Debug Event Logs. Follow this step-by-step guide to see how it works.
A vulnerability has been found in Novell Access Manager 3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /nidp/idff/sso of the component Error Message Handler. The manipulation of the argument IssueInstant leads to basic cross-site scripting.
This vulnerability is known as CVE-2007-0110. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
A vulnerability was found in Contact Form Generator Plugin up to 2.6.0 on WordPress and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to SQL injection.
This vulnerability is handled as CVE-2023-35911. The attack can only be done within the local network. There is no exploit available.
A vulnerability was found in click5 History Log Plugin up to 1.0.12 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation leads to SQL injection.
The identification of this vulnerability is CVE-2023-5082. The attack may be initiated remotely. There is no exploit available.
A vulnerability was found in Simple Table Manager Plugin up to 1.5.6 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site scripting.
This vulnerability is known as CVE-2023-4858. The attack can be launched remotely. There is no exploit available.
A vulnerability classified as critical was found in Total-Soft Video Gallery Plugin up to 2.1.3 on WordPress. This vulnerability affects unknown code. The manipulation leads to SQL injection.
This vulnerability was named CVE-2023-45069. Access to the local network is required for this attack. There is no exploit available.
A vulnerability, which was classified as critical, has been found in Page Visit Counter Plugin up to 7.1.1 on WordPress. This issue affects some unknown processing. The manipulation leads to SQL injection.
The identification of this vulnerability is CVE-2023-45074. Access to the local network is required for this attack to succeed. There is no exploit available.
A vulnerability was found in Avirtum ImageLinks Interactive Image Builder Plugin up to 1.5.4 on WordPress and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to SQL injection.
This vulnerability is handled as CVE-2023-46823. The attack can only be initiated within the local network. There is no exploit available.
A vulnerability classified as problematic has been found in Front End PM Plugin up to 11.4.2 on WordPress. Affected is an unknown function of the component Private Message Handler. The manipulation leads to files or directories being accessible.
This vulnerability is traded as CVE-2023-4930. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as problematic, was found in WP Discord Invite Plugin up to 2.5.1 on WordPress. This affects an unknown part of the component Setting Handler. The manipulation leads to cross-site scripting.
This vulnerability is uniquely identified as CVE-2023-5181. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Responsive Pricing Table Plugin up to 5.1.7 on WordPress and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site scripting.
The identification of this vulnerability is CVE-2023-4810. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in User Registration Plugin 2.0.2/2.2.4.1/2.3.1/2.12/3.0.2.1 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross-site scripting.
This vulnerability is traded as CVE-2023-5228. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability has been found in Awesome Support Plugin up to 6.1.4 on WordPress and classified as critical. Affected by this vulnerability is the function wpas_edit_reply. The manipulation leads to improper access controls.
This vulnerability is known as CVE-2023-5352. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
Recent Upheavals in Job Market Underscore the Need for a Security-Minded Culture
Technology and training are key components of a strong insider risk program, but in times like these, the real key to success lies in your organization's culture. Do your employees feel valued? If the answer is no, your insider threat level could be off the charts.
Vendor Providing Employee Screenings Across Multiple Sectors Reports Cyber Incident
DISA Global Solutions, a third-party administrator of background checks and drug and alcohol testing for employers in multiple industries, said 3.3 million individuals are affected by a data theft incident that happened a year ago. The firm is already facing several lawsuits involving the breach.
Swedish Prime Minister Proposes Fast-Tracking Bill to Surveil Minors
A proposal by the Swedish prime minister to fast track legislation allowing police to surveil minors could cause end-to-end encrypted chat app Signal to leave the country. The government in effect is asking for backdoor access, said Signal President Meredith Whittaker.
CEO Raymond Brancato: Ex-Skybox Customers Get Express Onboarding, Flexible Pricing
Tufin has purchased select Skybox assets and business information, focusing on migrating affected customers to its platform. CEO Raymond Brancato outlines the company's transition strategy, including special pricing, dedicated support and plans to hire former Skybox Security employees.
Republicans Block Probe Into Cyber Workforce Cuts, DOGE Access to Federal Systems
Republican lawmakers on the U.S. House Committee on Homeland Security blocked a Democratic effort to investigate Elon Musk's access to sensitive federal networks and the impact of President Donald Trump's hiring freeze on an already strained cyber workforce.