Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
cert.pl
Vulnerability in UptimeDC software
CVE ID CVE-2023-4997 Publication date 04 October 2023 Vendor ProIntegra S.A Product UptimeDC Vulnerable versions All below 2.0.0.33940 Vulnerability type (CWE) Missing Authorization (CWE-862) Report s ... Read more
-
huntress.com
Critical Vulnerabilities: WS_FTP Exploitation | Huntress
On Thursday, September 28, 2023, software vendor Progress released a security advisory for numerous vulnerabilities affecting the WS_FTP Server Ad Hoc Transfer Module within their WS_FTP software.Thes ... Read more
-
huntress.com
Critical Vulnerability: WebP Heap Buffer Overflow (CVE-2023-4863) | Huntress
The Huntress team is currently investigating CVE-2023-4863, a heap buffer overflow in the WebP image encoding/decoding (codec) library (libwebp). Threat actors are exploiting this critical vulnerabili ... Read more
-
huntress.com
Netscaler Exploitation to Social Engineering: Mapping Convergence of Adversary Tradecraft Across Victims | Huntress
The following write-up and analysis is thanks to Matthew Brennan, Harlan Carvey, Anthony Smith, Craig Sweeney, and Joe Slowik. BackgroundHuntress periodically performs reviews of identified incidents ... Read more
-
0patch.com
Micropatches Released For Windows Error Reporting Service Elevation of Privilege (CVE-2023-36874)
With July 2023 Windows Updates, Microsoft brought a fix for CVE-2023-36874, a local privilege escalation vulnerability in Windows Error Reporting Service that was found both by Google TAG and CrowdStr ... Read more
-
0patch.com
Micropatches Released For Windows Search Remote Code Execution (CVE-2023-36884)
Alongside July 2023 Windows Updates, Microsoft revealed the existence of a 0day that was detected in the wild and assigned it CVE-2023-36884. Without issuing a patch, they titled their original adviso ... Read more
-
cert.pl
Vulnerability in lua-http library
CVE ID CVE-2023-4540 Publication date 05 September 2023 Vendor Daurnimator Product lua-http Vulnerable versions All including 0.4 before ddab283 commit Vulnerability type (CWE) Improper Handling of Ex ... Read more
-
huntress.com
How Businesses Should Be Scaling Their Security
Small and medium businesses are changing their security stance for the better. There are still some stragglers, but they tend to be brought forward by insurance companies requiring at least a shred of ... Read more
-
huntress.com
Another PaperCut: CVE-2023-39143 Remote Code Execution | Huntress
On August 5, Huntress was made aware of the recently uncovered vulnerability tracked as CVE-2023-39143. For overall statistics, in our partner base we have over 1,000 vulnerable servers across 812 dif ... Read more
-
0patch.com
Micropatches Released For Denial of Service in Microsoft Message Queuing (CVE-2023-28302, CVE-2023-21769)
April 2023 Windows Updates brought fixes for a number of vulnerabilities in Microsoft Message Queuing Service. We first issued patches for the "Queuejumper" remote code execution vulnerability (CVE-20 ... Read more