A week in security (January 1 – January 7)
A list of topics we covered in the week of January 1 to January 7 of 2024
The U.S. National Institute of Standards and Technology (NIST) is calling attention to the privacy and security challenges that arise as a result of increased deployment of artificial intelligence (AI) systems in recent years.
“These security…
A vulnerability, which was classified as critical, was found in Microchip maxView Storage Manager up to 4.14.00.26064. This affects an unknown part of the component Redfish Server. The manipulation leads to improper authorization.
This vulnerability i…
A vulnerability, which was classified as critical, has been found in IBM CICS Transaction Gateway Containers 9.3. Affected by this issue is some unknown functionality. The manipulation leads to improper access controls.
This vulnerability is handled a…
A vulnerability classified as problematic was found in IBM Storage Fusion HCI up to 2.6.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to use of hard-coded password.
This vulnerability is known as CVE-2023-50948….
A vulnerability classified as critical has been found in IBM DB2 and DB2 Connect Server 10.5/11.1/11.5 on Windows. Affected is an unknown function of the component MSI Repair. The manipulation leads to improper access controls.
This vulnerability is t…
We are using TOTP (https://datatracker.ietf.org/doc/html/rfc6238) for a web application to enhance the security. TOTP works on UTC. If the system clock drifts or NTP is not synced, TOTP generated by application (like MS Authenticator, or Google…
The U.S. Department of Justice (DoJ) said it charged 19 individuals worldwide in connection with the now-defunct xDedic Marketplace, which is estimated to have facilitated more than $68 million in fraud.
In wrapping up its investigation into …
Threat actors affiliated with the Democratic People’s Republic of Korea (also known as North Korea) have plundered at least $600 million in cryptocurrency in 2023.
The DPRK “was responsible for almost a third of all funds stolen in crypto attacks last …
While learning about pentesting, most of the time I have used the python3 -m http.server [PORT] command to spin up a temporary HTTP server in order to transfer files to a target system. However, as I am progressing and moving beyond the basi…