ShareFile Pre-Auth RCE (CVE-2023-24489) – Assetnote
29
Aug
2023

Advisory: Flarum LFI – Assetnote

Summary An attacker with a basic user forum account can specify a malicious avatar URL that discloses the contents of…

Share: X : Advisory: Flarum LFI – AssetnoteFacebook : Advisory: Flarum LFI – AssetnoteLinkedin : Advisory: Flarum LFI – AssetnoteReddit : Advisory: Flarum LFI – AssetnoteTelegram : Advisory: Flarum LFI – AssetnoteWhatsApp : Advisory: Flarum LFI – AssetnoteEmail : Advisory: Flarum LFI – Assetnote
29
Aug
2023

Is the cybersecurity community’s obsession with compliance counter-productive?

Does anyone think the chances of surviving a plane crash increase if our tray tables are locked and our carry-on…

Share: X : Is the cybersecurity community’s obsession with compliance counter-productive?Facebook : Is the cybersecurity community’s obsession with compliance counter-productive?Linkedin : Is the cybersecurity community’s obsession with compliance counter-productive?Reddit : Is the cybersecurity community’s obsession with compliance counter-productive?Telegram : Is the cybersecurity community’s obsession with compliance counter-productive?WhatsApp : Is the cybersecurity community’s obsession with compliance counter-productive?Email : Is the cybersecurity community’s obsession with compliance counter-productive?
29
Aug
2023

11 search engines for cybersecurity research you can use right now

Staying ahead in cybersecurity requires constant learning and adaptation. If you’re interested in cybersecurity research, explore the resources outlined below….

Share: X : 11 search engines for cybersecurity research you can use right nowFacebook : 11 search engines for cybersecurity research you can use right nowLinkedin : 11 search engines for cybersecurity research you can use right nowReddit : 11 search engines for cybersecurity research you can use right nowTelegram : 11 search engines for cybersecurity research you can use right nowWhatsApp : 11 search engines for cybersecurity research you can use right nowEmail : 11 search engines for cybersecurity research you can use right now
ShareFile Pre-Auth RCE (CVE-2023-24489) – Assetnote
29
Aug
2023

Leaking File Contents with a Blind File Oracle in Flarum – Assetnote

Flarum is a free, open source PHP-based forum software used for everything from gaming hobbyist sites to cryptocurrency discussion. A…

Share: X : Leaking File Contents with a Blind File Oracle in Flarum – AssetnoteFacebook : Leaking File Contents with a Blind File Oracle in Flarum – AssetnoteLinkedin : Leaking File Contents with a Blind File Oracle in Flarum – AssetnoteReddit : Leaking File Contents with a Blind File Oracle in Flarum – AssetnoteTelegram : Leaking File Contents with a Blind File Oracle in Flarum – AssetnoteWhatsApp : Leaking File Contents with a Blind File Oracle in Flarum – AssetnoteEmail : Leaking File Contents with a Blind File Oracle in Flarum – Assetnote
29
Aug
2023

IT leaders alarmed by generative AI’s SaaS security implications

IT leaders are grappling with anxiety over the risks of generative AI despite continued confidence in their software-as-a-service (SaaS) security…

Share: X : IT leaders alarmed by generative AI’s SaaS security implicationsFacebook : IT leaders alarmed by generative AI’s SaaS security implicationsLinkedin : IT leaders alarmed by generative AI’s SaaS security implicationsReddit : IT leaders alarmed by generative AI’s SaaS security implicationsTelegram : IT leaders alarmed by generative AI’s SaaS security implicationsWhatsApp : IT leaders alarmed by generative AI’s SaaS security implicationsEmail : IT leaders alarmed by generative AI’s SaaS security implications
UK flight plan system outage leads to hundreds of cancellations
29
Aug
2023

UK flight plan system outage leads to hundreds of cancellations – Software

Air traffic in the UK is recovering from a technology outage that caused widespread flight disruptions and cancellations overnight. The…

Share: X : UK flight plan system outage leads to hundreds of cancellations – SoftwareFacebook : UK flight plan system outage leads to hundreds of cancellations – SoftwareLinkedin : UK flight plan system outage leads to hundreds of cancellations – SoftwareReddit : UK flight plan system outage leads to hundreds of cancellations – SoftwareTelegram : UK flight plan system outage leads to hundreds of cancellations – SoftwareWhatsApp : UK flight plan system outage leads to hundreds of cancellations – SoftwareEmail : UK flight plan system outage leads to hundreds of cancellations – Software
A week in security (August 21 - August 27)
29
Aug
2023

A week in security (August 21 – August 27)

Last week on Malwarebytes Labs: Teenage members of Lapsus$ ransomware gang convicted Update now! Google Chrome’s first weekly update has…

Share: X : A week in security (August 21 – August 27)Facebook : A week in security (August 21 – August 27)Linkedin : A week in security (August 21 – August 27)Reddit : A week in security (August 21 – August 27)Telegram : A week in security (August 21 – August 27)WhatsApp : A week in security (August 21 – August 27)Email : A week in security (August 21 – August 27)
Virgin Australia baggage tracking tool takes off
29
Aug
2023

Virgin Australia baggage tracking tool takes off – Software

Virgin Australia has released a baggage tracking tool for more than two-thirds of its domestic network. The airline’s new digital…

Share: X : Virgin Australia baggage tracking tool takes off – SoftwareFacebook : Virgin Australia baggage tracking tool takes off – SoftwareLinkedin : Virgin Australia baggage tracking tool takes off – SoftwareReddit : Virgin Australia baggage tracking tool takes off – SoftwareTelegram : Virgin Australia baggage tracking tool takes off – SoftwareWhatsApp : Virgin Australia baggage tracking tool takes off – SoftwareEmail : Virgin Australia baggage tracking tool takes off – Software
2.6 million DuoLingo users have scraped data released
29
Aug
2023

2.6 million DuoLingo users have scraped data released

Using an openly available API, cybercrimnals were able to scrape the data of 2.6 million DuoLingo users. An unknown party…

Share: X : 2.6 million DuoLingo users have scraped data releasedFacebook : 2.6 million DuoLingo users have scraped data releasedLinkedin : 2.6 million DuoLingo users have scraped data releasedReddit : 2.6 million DuoLingo users have scraped data releasedTelegram : 2.6 million DuoLingo users have scraped data releasedWhatsApp : 2.6 million DuoLingo users have scraped data releasedEmail : 2.6 million DuoLingo users have scraped data released
Researchers demo bug-chaining of Juniper Networks vulnerabilities
29
Aug
2023

Researchers demo bug-chaining of Juniper Networks vulnerabilities – Security

Security researchers have published a proof-of-concept for vulnerabilities recently disclosed by Juniper Networks. The company said that while the vulnerabilities…

Share: X : Researchers demo bug-chaining of Juniper Networks vulnerabilities – SecurityFacebook : Researchers demo bug-chaining of Juniper Networks vulnerabilities – SecurityLinkedin : Researchers demo bug-chaining of Juniper Networks vulnerabilities – SecurityReddit : Researchers demo bug-chaining of Juniper Networks vulnerabilities – SecurityTelegram : Researchers demo bug-chaining of Juniper Networks vulnerabilities – SecurityWhatsApp : Researchers demo bug-chaining of Juniper Networks vulnerabilities – SecurityEmail : Researchers demo bug-chaining of Juniper Networks vulnerabilities – Security
How to hide a malicious word document in a PDF to avoid EDR or AV detection
29
Aug
2023

How to hide a malicious word document in a PDF to avoid EDR or AV detection

In order to avoid being discovered, hackers used a novel technique that they named “MalDoc in PDF” to embed a…

Share: X : How to hide a malicious word document in a PDF to avoid EDR or AV detectionFacebook : How to hide a malicious word document in a PDF to avoid EDR or AV detectionLinkedin : How to hide a malicious word document in a PDF to avoid EDR or AV detectionReddit : How to hide a malicious word document in a PDF to avoid EDR or AV detectionTelegram : How to hide a malicious word document in a PDF to avoid EDR or AV detectionWhatsApp : How to hide a malicious word document in a PDF to avoid EDR or AV detectionEmail : How to hide a malicious word document in a PDF to avoid EDR or AV detection
Google strengthens its Workplace suite protection
29
Aug
2023

Google strengthens its Workplace suite protection

We take a look at how Google is strengthening protections across its Workplace products, and Gmail in particular. Google has…

Share: X : Google strengthens its Workplace suite protectionFacebook : Google strengthens its Workplace suite protectionLinkedin : Google strengthens its Workplace suite protectionReddit : Google strengthens its Workplace suite protectionTelegram : Google strengthens its Workplace suite protectionWhatsApp : Google strengthens its Workplace suite protectionEmail : Google strengthens its Workplace suite protection