What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
CVE.webp 2023-02-28 17:15:10 CVE-2022-20551 (direct link) In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L, Android-13. Android ID: A-243376549. Guideline
CVE.webp 2023-02-28 17:15:10 CVE-2023-20937 (direct link) In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-257443051. References: Upstream kernel. Guideline
CVE.webp 2023-02-28 17:15:10 CVE-2023-20944 (direct link) In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-244154558. Guideline
CVE.webp 2023-02-28 17:15:10 CVE-2023-20938 (direct link) In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-257685302. References: Upstream kernel. Guideline
CVE.webp 2023-02-28 16:15:09 CVE-2023-25807 (direct link) DataEase is an open source data visualization and analysis tool. When a dashboard is saved on the DataEase platform, the saved data can be modified to store malicious code. This can lead to the execution of the malicious code stored by the attacker on the server side when a user accesses the dashboard. The vulnerability has been fixed in version 1.18.3. Vulnerability Guideline
CVE.webp 2023-02-28 16:15:09 CVE-2023-25266 (direct link) An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting to point to an arbitrary remote network path. This triggers the execution of the soffice binary under the attacker's control, leading to arbitrary remote code execution (RCE). Guideline
CVE.webp 2023-02-28 16:15:09 CVE-2023-25265 (direct link) Docmosis Tornado Guideline
CVE.webp 2023-02-28 15:15:12 CVE-2023-23983 (direct link) Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin Vulnerability Guideline
CVE.webp 2023-02-28 15:15:12 CVE-2023-23865 (direct link) Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin Vulnerability Guideline
CVE.webp 2023-02-28 15:15:11 CVE-2022-47612 (direct link) Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin Vulnerability Guideline
CVE.webp 2023-02-28 15:15:10 CVE-2022-47179 (direct link) Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin Vulnerability Guideline
ZoneAlarm.webp 2023-02-28 14:50:00 Australia Implements Stronger Cyber Security Measures Against Threats (direct link) >Following a series of major data breaches in Australia, the government is undertaking a significant overhaul of its cyber security rules. To better protect against cyber threats, legislators are establishing an agency tasked with managing government investments in cyber security and coordinating national responses to cyber attacks. During a meeting with industry leaders, Prime Minister … Guideline ★★★
CVE.webp 2023-02-28 14:15:09 CVE-2023-23992 (direct link) Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin Vulnerability Guideline
knowbe4.webp 2023-02-28 14:00:00 CyberheistNews Vol 13 #09 [Eye Opener] Should You Click on Unsubscribe? (direct link) CyberheistNews Vol 13 #09 | February 28th, 2023 [Eye Opener] Should You Click on Unsubscribe? By Roger A. Grimes. Some common questions we get are "Should I click on an unwanted email's 'Unsubscribe' link? Will that lead to more or less unwanted email?" The short answer is that, in general, it is OK to click on a legitimate vendor's unsubscribe link. But if you think the email is sketchy or coming from a source with which you would not want to validate your email address as valid and active, or are unsure, do not take the chance; skip the unsubscribe action. In many countries, legitimate vendors are bound by law to offer (free) unsubscribe functionality and abide by a user's preferences. For example, in the U.S., the 2003 CAN-SPAM Act states that businesses must offer clear instructions on how the recipient can remove themselves from the involved mailing list and that the request must be honored within 10 days. Note: Many countries have laws similar to the CAN-SPAM Act, although with privacy protection ranging across the privacy spectrum from very little to a lot more protection. The unsubscribe feature does not have to be a URL link, but it does have to be an "internet-based way." The most popular alternative method besides a URL link is an email address to use. In some cases, there are specific instructions you have to follow, such as putting "Unsubscribe" in the subject of the email. Other times you are expected to craft your own message. Luckily, most of the time simply sending any email to the listed unsubscribe email address is enough to remove your email address from the mailing list. [CONTINUED] at the KnowBe4 blog: https://blog.knowbe4.com/should-you-click-on-unsubscribe [Live Demo] Ridiculously Easy Security Awareness Training and Phishing Old-school awareness training does not hack it anymore.
Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense. Join us TOMORROW, Wednesday, March 1, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approac Malware Hack Tool Vulnerability Threat Guideline Prediction APT 38 ChatGPT ★★★
Cybereason.webp 2023-02-28 13:04:02 Cybereason Named a Leader in 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms (direct link) Cybereason Named a Leader in 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms Guideline ★★
globalsecuritymag.webp 2023-02-28 11:06:59 Netacea Partners with Technology Solutions Broker Telarus (direct link) Netacea Partners with Leading Technology Solutions Broker Telarus. Netacea's enterprise bot management platform enables Telarus to provide a more comprehensive security offering to their network of global technology consultants - Business News Guideline ★★
AlienVault.webp 2023-02-28 11:00:00 AT&T Cybersecurity announces 2023 \'Partner of the Year Award\' winners (direct link) We’re so excited to announce our 2023 Partner of the Year awards. These annual awards recognize AT&T Cybersecurity partners that demonstrate excellence in growth, innovation, and implementation of customer solutions based on our AT&T USM Anywhere platform. AT&T Cybersecurity’s 2023 Global Partner of the Year award goes to Cybersafe Solutions! Cybersafe Solutions experienced incredible growth in 2022 and we’re thrilled to be partnering with their team to help customers orchestrate and automate their security. In addition to Cybersafe Solutions as our Global Partner of the Year, we’re proud to recognize seven other partners who demonstrated excellence in 2022. See below for the full list of winners and their feedback regarding their partnership with AT&T Cybersecurity. Global Awards: Global Partner of the Year: Cybersafe Solutions “I am humbled and honored to accept AT&T's 2023 Global Partner of the Year Award. Throughout our partnership, we have worked together to develop a comprehensive solution that enables Cybersafe to continuously monitor our customers' networks to identify and mitigate threats rapidly. Sincere thanks to the entire AT&T team for contributing to this success. We are truly excited for what the future holds!” -Mark Petersen, Vice President of Sales Growth Partner of the Year: Xerox New Partner of the Year: Arete Advisors “Arete is honored to be named AT&T Cybersecurity’s New Partner of the Year. Our complementary partnership combines unique threat intelligence from AT&T’s USM Anywhere SIEM platform with Arete’s XDR platform to provide our clients with faster threat detection and greater clarity.
We look forward to a future of continued growth together as we work to transform the way organizations prepare for, respond to, and prevent cybercrime.” -Joe Mann, CEO Distributor of the Year: Ingram Micro “The cybersecurity threat landscape is growing in complexity—calling for greater collaboration across the IT channel ecosystem and between MSPs and their customers to stay secure. Together with AT&T Cybersecurity we are empowering channel partners with the knowledge and solutions needed to better protect their house and their customers from cyber attacks. It is an honor to be recognized three years in a row as AT&T Cybersecurity’s Distributor of the Year.” -Eric Kohl, Vice President, Security and Networking Regional Awards These awards recognize partners that had the highest sales bookings in each of the 4 regions during last year. North American Partner of the Year: Coretelligent “We are honored to be recognized as AT&T Cybersecurity’s North American Partner of the Year and look forward to our continued partnership and delivering leading-edge security solutions to our shared clients. Coretelligent and AT&T Cybersecurity are a best-in-class pairing that provides the robust and secure cybersecurity management and monitoring that enterprises need to defend against the extreme threats of today’s cyber landscape.” -Kevin J. Routhier, Founder and CEO EMEA Partner of the Year: Softcat “We are thrilled to be announced as AT&T’s Cybersecurity EMEA Partner of the year for 2023. We’ve thoroughly enjoyed working with AT&T over the course of the past year and we’re so thankful that our dedication has paid off. We’d love to thank everyone at AT&T and Softcat who has worked with us on various projects during this period.” - Aoibhín Hamill, Cyber Managed Services Advisor APAC Partner of the Year: Vigilant "We are thrilled and honored to receive the Threat Guideline
globalsecuritymag.webp 2023-02-28 10:13:06 Disruptions from Ransomware and Cyberattacks on Supply Chains and Critical Infrastructure Sharpen Focus on OT Security for 2023, TXOne Networks and Frost & Sullivan Analysis Reveals (direct link) Disruptions from Ransomware and Cyberattacks on Supply Chains and Critical Infrastructure Sharpen Focus on OT Security for 2023, TXOne Networks and Frost & Sullivan Analysis Reveals. TXOne Networks, a global leader in OT-native security solutions for ICS, delivers an in-depth report on the contemporary threat landscape - Special Reports Ransomware Threat Guideline ★★★★
GoogleSec.webp 2023-02-28 09:00:14 Our commitment to fighting invalid traffic on Connected TV (direct link) Posted by Michael Spaulding, Senior Product Manager, Ad Traffic Quality. Connected TV (CTV) has not only transformed the entertainment world, it has also created a vibrant new platform for digital advertising. However, as with any innovative space, there are challenges that arise, including the emergence of bad actors aiming to siphon money away from advertisers and publishers through fraudulent or invalid ad traffic. Invalid traffic is an evolving challenge that has the potential to affect the integrity and health of digital advertising on CTV. However, there are steps the industry can take to combat invalid traffic and foster a clean, trustworthy, and sustainable ecosystem. Information sharing and following best practices: Every player across the digital advertising ecosystem has the opportunity to help reduce the risk of CTV ad fraud. It starts by spreading awareness across the industry and building a commitment among partners to share best practices for defending against invalid traffic. Greater transparency and communication are crucial to creating lasting solutions. One key best practice is contributing to and using relevant industry standards. We encourage CTV inventory providers to follow the CTV/OTT Device & App Identification Guidelines and IFA Guidelines. These guidelines, both of which were developed by the IAB Tech Lab, foster greater transparency, which in turn reduces the risk of invalid traffic on CTV. More information and details about using these resources can be found in the following guide: Protecting your ad-supported CTV experiences. Collaborating on standards and solutions: No single company or industry group can solve this challenge on its own; we need to work collaboratively to solve the problem.
Fortunately, we're already seeing constructive efforts in this direction with industry-wide standards. For example, the broad implementation of the IAB Tech Lab's app-ads.txt and its web counterpart, ads.txt, has brought greater transparency to the digital advertising supply chain and has helped combat ad fraud by allowing advertisers to verify the sellers from whom they buy inventory: a publisher lists, at a well-known path on its own domain, which ad systems and seller account IDs are authorized to sell its inventory, and a buyer checks the seller it is offered against that list. In 2021, the IAB Tech Lab extended the app-ads.txt standard to CTV in order to better protect and support CTV advertisers. This update is the first of several industry-wide steps that have been taken to further protect CTV advertising. In early 2022, the IAB Tech Lab released the ads.cert 2.0 “protocol suite,” along with a proposal to utilize this new standard to secure server-side connections (including for server-side ad insertion). Ads.cert 2.0 will also power future industry standards focused on securing the supply chain and preventing misrepresentation. In addition to these efforts, the Media Rating Council (MRC) also engaged with stakeholders to develop its Guideline ★★★
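The ads.txt / app-ads.txt check the Google post refers to, as an added example in Python (not Google's, the IAB Tech Lab's, or any vendor's code). It implements the public record format, `<ad system domain>, <seller account ID>, <DIRECT|RESELLER>[, <certification authority ID>]`, with `#` comments and `name=value` variable lines, and then answers the buyer's question: is this seller authorized for this publisher? The file content, domains and seller IDs are constructed for the example; the exact case-sensitivity rule used for seller IDs is a design choice here, not a statement of the spec.

```python
"""Parse app-ads.txt / ads.txt records and check a seller against them.

Added example; not code from Google, the IAB Tech Lab, or the page.
Record format: <ad system domain>, <seller account id>, <DIRECT|RESELLER>
[, <certification authority id>]; '#' starts a comment; 'name=value' lines
carry variables (contact=, subdomain=, ...) rather than seller records.
"""
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass(frozen=True)
class AdsRecord:
    ad_system: str                        # exchange/SSP domain, lower-cased
    seller_id: str                        # publisher's account ID at that system
    relationship: str                     # "DIRECT" or "RESELLER"
    cert_authority: Optional[str] = None  # optional 4th field (e.g. a TAG ID)


# Constructed sample of what a CTV app's app-ads.txt might contain.
SAMPLE_APP_ADS_TXT = """\
# app-ads.txt for ctv-app.example (constructed for this example)
exchange-a.example, pub-1111, DIRECT, abc123
Exchange-B.example, 2222, RESELLER   # trailing comment is ignored
exchange-c.example, 3333             # malformed: relationship field missing
contact=adops@ctv-app.example
"""


def parse_ads_txt(text: str) -> List[AdsRecord]:
    """Return the well-formed seller records.

    Comments, variable lines and malformed lines are skipped rather than
    failing the whole file, so one bad line cannot hide the good ones."""
    records: List[AdsRecord] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if not line:
            continue
        if "=" in line.split(",", 1)[0]:          # variable record, not a seller
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 3:
            continue                              # malformed: ignore
        relationship = fields[2].upper()
        if relationship not in ("DIRECT", "RESELLER"):
            continue
        cert = fields[3] if len(fields) > 3 and fields[3] else None
        records.append(AdsRecord(fields[0].lower(), fields[1], relationship, cert))
    return records


def is_authorized_seller(records: Sequence[AdsRecord], ad_system: str,
                         seller_id: str, require_direct: bool = False) -> bool:
    """True if (ad_system, seller_id) is listed for this publisher.

    Domains compare case-insensitively; seller IDs compare exactly (choice
    made here). With require_direct, a RESELLER entry is not enough."""
    for rec in records:
        if rec.ad_system == ad_system.lower() and rec.seller_id == seller_id:
            return rec.relationship == "DIRECT" or not require_direct
    return False


if __name__ == "__main__":
    recs = parse_ads_txt(SAMPLE_APP_ADS_TXT)
    for rec in recs:
        print(rec)
    print("exchange-a / pub-1111 direct?",
          is_authorized_seller(recs, "exchange-a.example", "pub-1111", require_direct=True))
    print("exchange-c / 3333 listed?", is_authorized_seller(recs, "exchange-c.example", "3333"))
```

A buyer would fetch the file from the publisher's own domain (for apps, the developer domain declared in the store listing) and run the offered seller through `is_authorized_seller`; an unlisted seller, or a RESELLER where only DIRECT is acceptable, is the signal the post describes.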
globalsecuritymag.webp 2023-02-28 08:15:56 7th March: SANS Institute to Host Networking Event for Cyber Reskilling Program in Bahrain (direct link) SANS Institute to Host Networking Event for Cyber Reskilling Program in Bahrain. Gain priority access to the next generation of cyber leaders by signing up for the employer partner program - EVENTS Guideline ★★
CVE.webp 2023-02-28 00:15:09 CVE-2015-10086 (direct link) A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. Manipulation of the argument user leads to SQL injection. It is possible to launch the attack remotely. This product uses a rolling release to provide continuous delivery; therefore, no version details for affected or updated releases are available. The name of the patch is fa0d9bcf81c711a88172ad0d37a842f029ac3782. It is recommended to apply the patch to fix this issue. The identifier of this vulnerability is VDB-221808. Vulnerability Guideline
globalsecuritymag.webp 2023-02-28 00:00:00 Sovereign Safe Controls Access to their Safety Deposit Vault through Efficient Matrix Security Solutions (direct link) Sovereign Safe provides deposit facilities that truly push the global standards of the safe deposit industry. With the very latest modular high compression steel vaults constructed and installed by specialist manufacturers, state-of-the-art biometric access with complete audit trail from electronic alarmed lockers, Sovereign stands unrivalled as a leader amongst any high security facility anywhere in the world. No high street bank nor any safe deposit centre can match their credentials and the extraordinary security levels they have achieved. - Market News Guideline ★★
CVE.webp 2023-02-27 22:15:09 CVE-2023-1055 (direct link) A flaw was found in RHDS 11 and RHDS 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account on the host where cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality. Vulnerability Threat Guideline
CVE.webp 2023-02-27 21:15:12 CVE-2023-26043 (direct link) GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer, leading to arbitrary file read. This issue has been patched in version 4.0.3. Guideline
CVE.webp 2023-02-27 20:15:14 CVE-2023-23517 (direct link) The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. Guideline
CVE.webp 2023-02-27 20:15:14 CVE-2023-23529 (direct link) A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Guideline
CVE.webp 2023-02-27 20:15:14 CVE-2023-23512 (direct link) The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Visiting a website may lead to an app denial-of-service. Guideline
CVE.webp 2023-02-27 20:15:14 CVE-2023-23519 (direct link) A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, iOS 16.3 and iPadOS 16.3, watchOS 9.3. Processing an image may lead to a denial-of-service. Guideline
CVE.webp 2023-02-27 20:15:14 CVE-2023-23518 (direct link) The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. Guideline
CVE.webp 2023-02-27 20:15:14 CVE-2023-23524 (direct link) A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, tvOS 16.3.2, watchOS 9.3.1. Processing a maliciously crafted certificate may lead to a denial-of-service. Guideline
CVE.webp 2023-02-27 20:15:14 CVE-2023-23513 (direct link) A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, macOS Big Sur 11.7.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. Guideline
CVE.webp 2023-02-27 20:15:13 CVE-2023-23496 (direct link) The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Guideline
CVE.webp 2023-02-27 20:15:12 CVE-2022-46705 (direct link) A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. Guideline
CVE.webp 2023-02-27 20:15:12 CVE-2022-42826 (direct link) A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution. Guideline
CVE.webp 2023-02-27 20:15:12 CVE-2022-32891 (direct link) The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. Guideline
CVE.webp 2023-02-27 20:15:11 CVE-2022-32830 (direct link) An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.6, iOS 15.6 and iPadOS 15.6. Processing a maliciously crafted image may lead to disclosure of user information. Guideline
CVE.webp 2023-02-27 18:15:19 CVE-2022-48260 (direct link) There is a buffer overflow vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to device service exceptions. Vulnerability Guideline
CVE.webp 2023-02-27 18:15:19 CVE-2022-48255 (direct link) There is a system command injection vulnerability in the Huawei printer firmware BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to remote code execution. Vulnerability Guideline
CVE.webp 2023-02-27 18:15:19 CVE-2022-48230 (direct link) There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to DoS. Vulnerability Guideline
CVE.webp 2023-02-27 16:15:12 CVE-2023-0552 (direct link) The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability. Vulnerability Guideline
CVE.webp 2023-02-27 16:15:12 CVE-2023-0334 (direct link) The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin. Guideline
CVE.webp 2023-02-27 16:15:12 CVE-2023-0487 (direct link) The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin. Guideline
CVE.webp 2023-02-27 16:15:11 CVE-2023-0043 (direct link) The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Guideline
CVE.webp 2023-02-27 16:15:11 CVE-2023-0278 (direct link) The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. Guideline
CVE.webp 2023-02-27 16:15:11 CVE-2023-0279 (direct link) The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. Guideline
CVE.webp 2023-02-27 16:15:11 CVE-2022-4550 (direct link) The User Activity WordPress plugin through 1.0.1 trusts client-supplied headers such as X-Forwarded-For to determine the IP address of the request, which could lead to IP spoofing: any client can set that header to an arbitrary value, so the recorded address is attacker-controlled unless the header is only accepted from a known reverse proxy. Guideline
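The X-Forwarded-For weakness behind CVE-2022-4550, shown as an added example in Python rather than the plugin's PHP (this is not the plugin's code). The spoofable pattern sits next to a hardened one that honours the header only when the TCP peer is one of the deployment's own reverse proxies and then reads the chain from the right, so the address used is the one the proxy appended rather than whatever the client prepended. The trusted proxy range 10.0.0.0/8, the peer addresses and the header values are constructed for the example.

```python
"""Client IP from X-Forwarded-For: the spoofable pattern and a hardened one.

Added example; not the User Activity plugin's code. Assumes reverse proxies
in 10.0.0.0/8 append the real client address to X-Forwarded-For (constructed
assumption, as are all addresses below).
"""
import ipaddress
from typing import Mapping, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Assumption: only these networks host our reverse proxies.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _is_trusted_proxy(addr: IPAddress) -> bool:
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip_naive(remote_addr: str, headers: Mapping[str, str]) -> str:
    """Vulnerable pattern: whoever sends the header chooses the 'client IP'.

    A client connecting directly (or through a proxy that forwards the header
    untouched) sets X-Forwarded-For to any value and defeats IP-based
    logging, rate limiting or allow-listing."""
    xff = headers.get("X-Forwarded-For", "")
    if xff.strip():
        return xff.split(",")[0].strip()
    return remote_addr


def client_ip_hardened(remote_addr: str, headers: Mapping[str, str]) -> str:
    """Use X-Forwarded-For only when the socket peer is one of our proxies.

    Walk the chain right-to-left, skipping our own proxies, so the answer is
    the first address *our* proxy saw. Unparsable input falls back to the
    socket peer, which the client cannot forge."""
    try:
        peer = ipaddress.ip_address(remote_addr)
    except ValueError:
        return remote_addr
    if not _is_trusted_proxy(peer):
        return remote_addr                       # direct client: header is untrusted
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return remote_addr                   # garbage in the chain
        if not _is_trusted_proxy(addr):
            return str(addr)
    return remote_addr                           # chain contained only our proxies


if __name__ == "__main__":
    # Constructed request: attacker connects directly and forges the header.
    forged = {"X-Forwarded-For": "127.0.0.1"}
    print("naive   :", client_ip_naive("203.0.113.9", forged))      # 127.0.0.1 (spoofed)
    print("hardened:", client_ip_hardened("203.0.113.9", forged))   # 203.0.113.9
    # Constructed request via our proxy: client prepended junk, proxy appended truth.
    via_proxy = {"X-Forwarded-For": "127.0.0.1, 198.51.100.7"}
    print("hardened:", client_ip_hardened("10.0.0.5", via_proxy))   # 198.51.100.7
```

The hardened version still depends on the proxy actually appending the peer address and on the trusted range being accurate; if the proxy is reachable from the internet without that rewrite, or the range is too wide, the header is once again attacker-controlled.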
CVE.webp 2023-02-27 15:15:11 CVE-2022-45140 (direct link) The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. Guideline
CVE.webp 2023-02-27 15:15:11 CVE-2022-45138 (direct link) The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device. Vulnerability Guideline
CVE.webp 2023-02-27 15:15:11 CVE-2022-45137 (direct link) The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that target the user's browser. This leads to a limited impact on confidentiality and integrity but no impact on availability. Guideline
CVE.webp 2023-02-27 15:15:11 CVE-2022-45139 (direct link) A CORS misconfiguration in the web-based management allows a malicious third-party web server to read all basic information pages on the web server from a victim's browser. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of information readable, the impact only affects a small subset of confidentiality. Guideline
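What a CORS misconfiguration of the kind described for CVE-2022-45139 looks like from the outside, as an added example in Python (not the vendor's code). The browser rule it encodes: script on a cross-origin page may read a response only when `Access-Control-Allow-Origin` is `*` or equals the page's `Origin`, and cookies accompany the request only when `Access-Control-Allow-Credentials: true` is present with an exact, non-wildcard origin. A device that reflects any `Origin` it receives into `Access-Control-Allow-Origin` therefore lets an attacker's page pull the information pages with the victim's session. The origins, headers and the two stand-in servers are constructed for the example.

```python
"""Classify a CORS response for a given requesting Origin.

Added example; not code from the affected vendor or from the page. The two
server stand-ins are constructed callables returning response headers.
"""
from typing import Callable, Dict, List, Mapping, Sequence


def cors_findings(request_origin: str, response_headers: Mapping[str, str],
                  trusted_origins: Sequence[str]) -> List[str]:
    """Return the problems a browser-enforced CORS policy would let through
    for this Origin/response pair; an empty list means the read is blocked
    or granted only to a trusted origin."""
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    findings: List[str] = []
    if acao is None:
        return findings                     # no grant: browser withholds the body
    if acao == "*":
        if creds:
            findings.append("wildcard ACAO with credentials (browsers reject this, but it shows intent)")
        else:
            findings.append("wildcard ACAO: any site can read this response (acceptable only for public data)")
        return findings
    if acao == "null":
        findings.append("ACAO null: sandboxed iframes and data: URLs can read this response")
    if acao == request_origin and request_origin not in trusted_origins:
        msg = f"origin reflected: {request_origin} can read this response"
        findings.append(msg + (" with the victim's cookies" if creds else ""))
    return findings


def probe(trusted_origins: Sequence[str],
          responder: Callable[[str], Dict[str, str]],
          attacker_origin: str = "https://attacker.example") -> List[str]:
    """Send a request carrying an untrusted Origin to `responder` (a callable
    standing in for an HTTP client) and classify what comes back."""
    return cors_findings(attacker_origin, responder(attacker_origin), trusted_origins)


# Constructed stand-in for a device that reflects the Origin header verbatim.
def vulnerable_server(origin: str) -> Dict[str, str]:
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


# Constructed stand-in for the fix: an explicit allow-list, Vary: Origin so
# caches do not serve one origin's grant to another, no grant otherwise.
def fixed_server(origin: str) -> Dict[str, str]:
    allowed = {"https://device.example"}
    if origin in allowed:
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}


if __name__ == "__main__":
    trusted = ["https://device.example"]
    print("vulnerable:", probe(trusted, vulnerable_server))
    print("fixed     :", probe(trusted, fixed_server))
```

Against a real device the `responder` would be an HTTP request with a chosen `Origin` header; the finding that matters for the advisory above is the reflected-origin case, since that is the one a third-party page can trigger silently from a victim's browser.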
Last update at: 2024-05-14 15:08:19