Search cyberveille.decio.ch

Found 12 bookmarks

Custom sorting

Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor

Salt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has breached at least nine U.S.-based telecommunications companies with the intent to target high profile government and political figures. Tenable Research examines the tactics, techniques and procedures of this threat actor.

#tenable #EN #2025 #Salt-Typhoon #Analysis #vulnerabilies #State-Sponsored

·tenable.com·Jan 29, 2025

Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor

Compromising Microsoft's AI Healthcare Chatbot Service

Tenable finds privilege-escalation issues in Azure Health Bot via an SSRF, which allowed access to cross-tenant resources.

#tenable #en #2024 #azure #azure-health-bot #tenable-research #ssrf #vulnerability #cross-tenant-access #artificial-intelligence #ai-security

·tenable.com·Aug 13, 2024

Compromising Microsoft's AI Healthcare Chatbot Service

D-Link D-View 8 Unauthenticated Probe-Core Server Communication

A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of info

#tenable #EN #2023 #D-Link #D-View #vulnerability #disclosure

·tenable.com·Jan 3, 2024

D-Link D-View 8 Unauthenticated Probe-Core Server Communication

Unauthorized Access to Cross-Tenant Applications in Microsoft Power Platform

A researcher at Tenable has discovered an issue that enables limited, unauthorized access to cross-tenant applications and sensitive data (including but not limited to authentication secrets). Background The issue occurred as a result of insufficient access control to Azure Function hosts, which are launched as part of the creation and operation of custom connectors in Microsoft’s Power Platform (Power Apps, Power Automation).

#tenable #2023 #EN #cross-tenant #Cloud #Microsoft-Power #Platform

·tenable.com·Aug 4, 2023

Unauthorized Access to Cross-Tenant Applications in Microsoft Power Platform

Microsoft’s April 2023 Patch Tuesday Addresses 97 CVEs (CVE-2023-28252)

Microsoft addresses 97 CVEs, including one that was exploited in the wild as a zero day

#tenable #EN #2023 #PatchTuesday #april #zero-day #microsoft #list

·tenable.com·Apr 12, 2023

Microsoft’s April 2023 Patch Tuesday Addresses 97 CVEs (CVE-2023-28252)

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)Microsoft addresses 76 CVEs including two zero-days exploited in the wild, one of which was publicly disclosed.

#tenable #EN #2023 #0-day #PatchTuesday #zero-days #March

·tenable.com·Mar 14, 2023

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)

SQL Injection in Multiple WordPress Plugins

Paid Memberships Pro : CVE-2023-23488 - Unauthenticated SQL Injection * Easy Digital Downloads: CVE-2023-23489 - Unauthenticated SQL Injection * Survey Maker: CVE-2023-23490 - Authenticated SQL Injection

#tenable #2023 #EN #WordPress #Plugins #Advisory #CVE-2023-23488 #CVE-2023 #CVE-2023-23490-23489

·tenable.com·Jan 16, 2023

SQL Injection in Multiple WordPress Plugins

CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy

Fortinet has patched a critical authentication bypass in its FortiOS and FortiProxy products that could lead to administrator access.

#tenable #EN #2022 #CVE-2022-40684

·tenable.com·Oct 7, 2022

CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy

Microsoft’s April 2023 Patch Tuesday Addresses 97 CVEs (CVE-2023-28252)

Microsoft addresses 97 CVEs, including one that was exploited in the wild as a zero day

#tenable #EN #2023 #PatchTuesday #april #zero-day #microsoft #list

·tenable.com·Apr 12, 2023

Microsoft’s April 2023 Patch Tuesday Addresses 97 CVEs (CVE-2023-28252)

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)Microsoft addresses 76 CVEs including two zero-days exploited in the wild, one of which was publicly disclosed.

#tenable #EN #2023 #0-day #PatchTuesday #zero-days #March

·tenable.com·Mar 14, 2023

Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)

SQL Injection in Multiple WordPress Plugins

* Paid Memberships Pro : CVE-2023-23488 - Unauthenticated SQL Injection * Easy Digital Downloads: CVE-2023-23489 - Unauthenticated SQL Injection * Survey Maker: CVE-2023-23490 - Authenticated SQL Injection

#tenable #2023 #EN #WordPress #Plugins #Advisory #CVE-2023-23488 #CVE-2023 #CVE-2023-23490-23489

·tenable.com·Jan 16, 2023

SQL Injection in Multiple WordPress Plugins

CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy

Fortinet has patched a critical authentication bypass in its FortiOS and FortiProxy products that could lead to administrator access.

#tenable #EN #2022 #CVE-2022-40684

·tenable.com·Oct 7, 2022

CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy