Drupal core – Moderately critical – Information Disclosure – SA-CORE-2023-002

Project: Drupal core
Date: 2023-March-15
Security risk: Moderately critical 14∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Information Disclosure
Affected versions: >=8.0.0 =9.5.0 =10.0.0
Description: The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files. This release was coordinated with SA-CONTRIB-2023-010. This advisory is
More info: https://www.drupal.org/sa-core-2023-002

Drupal core – Moderately critical – Information Disclosure – SA-CORE-2023-003

Project: Drupal core
Date: 2023-March-15
Security risk: Moderately critical 13∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Information Disclosure
Affected versions: >=8.0.0 =9.5.0 =10.0.0
Description: The language module provides a Language switcher block which can be placed to provide links to quickly switch between different languages. The URL of unpublished translations may be disclosed. When used in conjunction with a module like Pathauto, this may reveal
More info: https://www.drupal.org/sa-core-2023-003

Drupal core – Moderately critical – Access bypass – SA-CORE-2023-004

Project: Drupal core
Date: 2023-March-15
Security risk: Moderately critical 14∕25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass
Affected versions: =8.0.0 =9.5.0 =10.0.0
Description: Drupal core provides a page that outputs the markup from phpinfo() to assist with diagnosing PHP configuration. If an attacker was able to achieve an XSS exploit against a privileged user, they may be able to use the phpinfo page to access sensitive information that could
More info: https://www.drupal.org/sa-core-2023-004

Why CISOs Should Prioritize Extended Detection & Response (XDR)

In my role as General Manager of the VMware Security Business Unit, I have the privilege of speaking regularly with many Chief Information Security Officers (CISOs) around the globe. While some face challenges unique to the specific organization over which they provide cyber stewardship, I have commonly heard three strategic imperatives shared during these conversations. … Continued
The post Why CISOs Should Prioritize Extended Detection & Response (XDR) appeared first on VMware
More info: https://blogs.vmware.com/security/2023/03/why-cisos-should-prioritize-extended-detection-response-xdr.html?utm_source=rss&utm_medium=rss&utm_campaign=why-cisos-should-prioritize-extended-detection-response-xdr