Security Leftovers
-
Multiple Easily Exploitable OpenSSL DoS Bugs Fixed
Multiple important denial of service (DoS) vulnerabilities (CVE-2023-0464 and CVE-2023-2650) have been discovered in the OpenSSL Secure Sockets Layer toolkit. These bugs are easy to exploit and have a high availability impact.
These flaws could be exploited to carry out DoS attacks resulting in loss of system access and potential compromise.
An OpenSSL security update that fixes these vulnerabilities has been released. We strongly encourage all impacted users to apply the OpenSSL updates issued by their distro(s) now to protect against attacks leading to system downtime and compromise.
-
What is Content Security Policy (CSP)?
In the vast world of cybersecurity, Content Security Policy (CSP) serves as a formidable front-line defence. Introduced to augment the web's native security capabilities, CSP empowers web developers to establish guidelines or "policies" that regulate how content is handled on a particular webpage.
-
What is Cross-Site Scripting (XSS)?
In the world of cybersecurity, one name that invariably pops up when discussing web application vulnerabilities is Cross-Site Scripting, popularly known as XSS.
-
Vulnerability on Honda platform could have exposed customer and dealer details
A recently detailed vulnerability in an e-commerce platform offered by Honda Motor Co. Ltd. could have exposed the details of both Honda customers and dealers.
-
Barracuda Urges Customers to Replace Hacked Email Security Appliances
Barracuda Networks is telling customers to immediately replace hacked ESG email security appliances regardless of the patches they installed.
-
Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
Japanese pharmaceutical company Eisai says it has taken systems offline after falling victim to a ransomware attack.
-
Brand-New Security Bugs Affect All MOVEit Transfer Versions
Progress has issued a second patch for additional SQL flaws that are distinct from the zero-day that the Cl0p ransomware gang is exploiting.
-
Ongoing scans for Geoserver, (Thu, Jun 8th)