CyberSecurityBoard
Sponsor Register Login

Vulnerability Summary for the Week of January 15, 2024

This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products.
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products.
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products.
Easily exploitable vulnerability allows high privileged attacker with network access via ICMP to compromise Integrated Lights Out Manager.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Integrated Lights Out Manager, attacks may significantly impact additional products.
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products.
Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupport.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products.
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites.
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products.
Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit.
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.


This Cyber News was published on www.cisa.gov. Publication date: Mon, 22 Jan 2024 21:13:05 +0000


Cyber News related to Vulnerability Summary for the Week of January 15, 2024

CVE-2015-2165 - Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) ...
5 years ago
National Cybersecurity Alliance Announces 2024 Data Privacy Week - PRESS RELEASE. WASHINGTON - Today, the National Cybersecurity Alliance, announced the program for its third annual Data Privacy Week campaign, which will take place from January 22nd to January 27th. Throughout the week, NCA will emphasize the ...
9 months ago Darkreading.com
January 2024 Patch Tuesday forecast: A Focus on Printing - This article aims to provide a quick summary of some of the latest trends, announcements, and changes associated with IT patch operations while looking at the upcoming Patch Tuesday and what software updates to expect. December 2023 Patch Tuesday ...
10 months ago Helpnetsecurity.com
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
9 months ago Bleepingcomputer.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
8 months ago Cisa.gov
The Week in Ransomware - Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks. While many, like LockBit, claim to have policies in place to avoid encryping hospitals, we continue to ...
9 months ago Bleepingcomputer.com
Ivanti urges customers to patch yet another critical vulnerability - This vulnerability only affects a limited number of supported versions-Ivanti Connect Secure, Ivanti Policy Secure version 22.5R1.1 and ZTA version 22.6R1.3. Please read between the lines that there could be unsupported versions which will never see ...
9 months ago Malwarebytes.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
8 months ago Cisa.gov
$1,900 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in Cookie Information - This vulnerability could be used by authenticated attackers, with authenticated access, to update arbitrary options and leverage that for privilege escalation. Props to Lucio Sá who discovered and responsibly reported this vulnerability through the ...
9 months ago Wordfence.com
Cloudflare Incident on January 24th, 2023 - An Overview - On January 24th, 2023, Cloudflare experienced an incident that impacted its customers globally. In this article, we will provide an overview analysis of the incident, its impacts on SEO, security, threats, etc. ...
1 year ago Blog.cloudflare.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 month ago Aws.amazon.com
ThreatDown EDR update: Streamlined Suspicious Activity investigation - Navigating the complex world of alerts just got easier, thanks to our latest enhancements to the ThreatDown Endpoint Detection and Response platform. The detailed technical information in EDR alerts-replete with complicated diagrams and references to ...
9 months ago Malwarebytes.com
Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days - Social engineer reveals effective tricks for real-world intrusionsIn this Help Net Security interview, Jayson E. Street, Chief Adversarial Officer at Secure Yeti, discusses intriguing aspects of social engineering and unconventional methods for ...
10 months ago Helpnetsecurity.com
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
10 months ago Darkreading.com
Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security - Microsoft eased enterprise security teams into 2024 with a relatively light January security update consisting of patches for 48 unique CVEs, just two of which the company identified as being of critical severity. For the second straight month, ...
10 months ago Darkreading.com
The Week in Ransomware - With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. Last weekend, BleepingComputer tested a new decryptor for the Black Basta ransomware to show how it ...
10 months ago Bleepingcomputer.com
The Top 24 Security Predictions for 2024 - Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more. Last week, in part one of The Top 24 ...
10 months ago Securityboulevard.com
Porsche Abruptly Halts NFT Launch, Allowing Phishing Sites to Take Advantage - Porsche abruptly cut its minting of a new NFT collection short after a dismal turnout and backlash from the crypto community, allowing threat actors to fill the void by creating phishing sites that steal digital assets from cryptocurrency wallets. ...
1 year ago Bleepingcomputer.com
It was other crims what did it: SBF off hook for FTX hack The Register - Infosec In Brief The recent indictment of a massive SIM-swapping ring may mean convicted crypto conman Sam Bankman-Fried is innocent of at least one allegation still hanging over his head: The theft of more than $400 million in crypto hacked from ...
9 months ago Go.theregister.com
AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
1 month ago Feeds.dzone.com
Chicago children's hospital says nearly 800,000 affected by January ransomware attack - A prominent children's hospital in Chicago confirmed that almost 800,000 people had sensitive health information leaked during a ransomware attack earlier this year. The Ann & Robert H. Lurie Children's Hospital of Chicago was attacked in January by ...
4 months ago Therecord.media
Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs - Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities. The total count of 49 flaws does not include 4 Microsoft Edge flaws fixed on January 5th. To learn ...
10 months ago Bleepingcomputer.com
Google shares fix for Pixel phones hit by bad system update - Google has shared a temporary fix for owners of Google Pixel devices that were rendered unusable after installing the January 2024 Google Play system update. As previously reported by BleepingComputer, after the January 2024 Google Play system ...
9 months ago Bleepingcomputer.com
Weekly Vulnerability Recap 1/29/24: Apple, Apache, & VMware - In this week's urgent updates, Apple and VMware issued updates for zero-day flaws currently under attack, and researchers detected a rise in attacks on unpatched Apache and Atlassian Confluence servers. The release of proof-of-concept code starts the ...
9 months ago Esecurityplanet.com
Google Just Denied Cops a Key Surveillance Tool - A hacker group calling itself Solntsepek, previously linked to the infamous Russian military hacking unit Sandworm, took credit this week for a disruptive attack on the Ukrainian internet and mobile service provider Kyivstar. Kytch argues in a recent ...
11 months ago Wired.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)