A Comprehensive Assessment of the General Personal Data Protection Law (LGPD)
Most nations need to protect sensitive data for any number of reasons. Assuring legal compliance, protecting national security, preventing abuse and prejudice, improving global competitiveness, and upholding ethical standards are all vital requirements. Data privacy enhances the safety, security,.....
6.9AI Score
Description The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it....
6.4CVSS
5.6AI Score
0.0004EPSS
FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data
The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to advertisers after claiming its products would block online tracking. In addition, the company has been banned from selling or licensing any web...
6.7AI Score
In the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions. Since the war against Ukraine began, we have witnessed a notable mobilization of non-state and state-backed actors alike, forming new groups or...
9.8CVSS
9.7AI Score
0.074EPSS
A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby...
5.5AI Score
0.0004EPSS
A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby...
5.4AI Score
0.0004EPSS
A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby...
5.6AI Score
0.0004EPSS
A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby...
5.5AI Score
0.0004EPSS
View transitions: Handling aspect ratio changes
This post assumes some knowledge of view transitions. If you're looking for a from-scratch intro to the feature, see this article. When folks ask me for help with view transition animations that "don't quite look right", it's usually because the content changes aspect ratio. Here's how to handle...
7.4AI Score
Mozilla Firefox Security Update (mfsa_2024-05_2024-07) - Windows
Mozilla Firefox is prone to multiple ...
8.8AI Score
0.0004EPSS
Mozilla Firefox Security Advisory (MFSA2024-05) - Linux
This host is missing a security update for Mozilla...
8.8AI Score
0.0004EPSS
Mozilla Firefox Security Update (mfsa_2024-05_2024-07) - Mac OS X
Mozilla Firefox is prone to multiple ...
8.8AI Score
0.0004EPSS
By: Dominick Vitolo, VP of Security Services, MegaplanIT As a Certified Qualified Security Assessor (QSA) company and a trusted Rapid7 partner, MegaplanIT is committed to guiding organizations through the complexities of compliance and security standards. PCI DSS version 4.0 is a significant...
7AI Score
SaaS Compliance through the NIST Cybersecurity Framework
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS. One of the challenges facing those tasked with securing SaaS applications is.....
9.8CVSS
9.7AI Score
0.074EPSS
Weston Embedded uC-TCP-IP IP header loopback parsing double-free vulnerability
Talos Vulnerability Report TALOS-2023-1829 Weston Embedded uC-TCP-IP IP header loopback parsing double-free vulnerability February 20, 2024 CVE Number CVE-2023-38562 SUMMARY A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A.....
8.7CVSS
7.4AI Score
0.0004EPSS
EU Court of Human Rights Rejects Encryption Backdoors
The European Court of Human Rights has ruled that breaking end-to-end encryption by adding backdoors violates human rights: Seemingly most critically, the [Russian] government told the ECHR that any intrusion on private lives resulting from decrypting messages was "necessary" to combat terrorism...
7.1AI Score
How to Achieve the Best Risk-Based Alerting (Bye-Bye SIEM)
Did you know that Network Detection and Response (NDR) has become the most effective technology to detect cyber threats? In contrast to SIEM, NDR offers adaptive cybersecurity with reduced false alerts and efficient threat response. Are you aware of Network Detection and Response (NDR) and how...
9.5AI Score
Amazon Linux 2 : woodstox-core (ALAS-2024-2463)
The version of woodstox-core installed on the remote host is prior to 4.1.2-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2463 advisory. Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If...
7.5CVSS
7.7AI Score
0.008EPSS
Amazon Linux 2 : xstream (ALAS-2024-2464)
The version of xstream installed on the remote host is prior to 1.3.1-16. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2464 advisory. Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on...
7.5CVSS
7.7AI Score
0.008EPSS
Nextcloud: ID4me feature of OpenID connect app available even when disabled
Summary: It is possible to register a new account on any Nextcloud server that has user_oidc enabled by just opening /apps/user_oidc/id4me as unauthenticated user. This is especially problematic given apps such as Nextcloud Talk enable accessing instance wide chat rooms. This is caused since the...
6.3CVSS
7.2AI Score
0.0004EPSS
Massive utility scam campaign spreads via online ads
For many households, energy costs represent a significant part of their overall budget. And when customers want to discuss their bills or look for ways to save money, scammers are just a phone call away. Enter the utility scam, where crooks pretend to be your utility company so they can threaten...
7AI Score
christmas-hotel.com Cross Site Scripting vulnerability OBB-3853285
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
October 2023’s Cyber Security Awareness Month led to a flurry of blog posts about a new attack called Quishing (QR Code phishing) and how new AI powered email gateways can potentially block these attacks. What’s the attack? To understand the attack you need understand the challenge that the...
7.2AI Score
Issue Overview: Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial.....
7.5CVSS
6.7AI Score
0.008EPSS
Issue Overview: Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack....
7.5CVSS
6.7AI Score
0.008EPSS
This High severity org.codehaus.jettison:jettison Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, and 9.8.0 of Jira Software Data Center and Server. This org.codehaus.jettison:jettison Dependency vulnerability, with a CVSS....
7.5CVSS
7.2AI Score
0.001EPSS
This High severity org.codehaus.jettison:jettison Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, and 9.8.0 of Jira Software Data Center and Server. This org.codehaus.jettison:jettison Dependency vulnerability, with a CVSS....
7.5CVSS
7.2AI Score
0.002EPSS
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0 and, ASP.NET 8.0 . This advisory also provides guidance on what developers can...
7.5CVSS
7.5AI Score
0.001EPSS
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET 6.0, ASP.NET 7.0 and, ASP.NET 8.0 . This advisory also provides guidance on what developers can...
7.5CVSS
7.5AI Score
0.001EPSS
Cyberattack on Democracy: Escalating Cyber Threats Immediately Ahead of Taiwan’s 2024 Presidential Election By Anne An · February 13, 2024 Preface Cybersecurity has become an integral part of election security. Nation-state actors and other politically motivated groups are likely to try to...
6.7AI Score
London Underground Is Testing Real-Time AI Surveillance Tools to Spot Crime
In a test at one station, Transport for London used a computer vision system to try and detect crime and weapons, people falling on the tracks, and fare dodgers, documents obtained by WIRED...
7.3AI Score
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0;...
5.5CVSS
7.7AI Score
0.0004EPSS
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0;...
7.8CVSS
5.5AI Score
0.0004EPSS
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through...
7.8CVSS
5.6AI Score
0.0004EPSS
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through...
5.5CVSS
7.7AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof.This issue affects Snow Inventory Agent: through 6.14.5. Customers advised to upgrade to version...
5.5CVSS
6AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof.This issue affects Snow Inventory Agent: through 6.14.5. Customers advised to upgrade to version...
6CVSS
5.5AI Score
0.0004EPSS
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through...
5.5CVSS
7.2AI Score
0.0004EPSS
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0;...
5.5CVSS
7.2AI Score
0.0004EPSS
Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof.This issue affects Snow Inventory Agent: through 6.14.5. Customers advised to upgrade to version...
5.5CVSS
7.2AI Score
0.0004EPSS
CVE-2024-1150 Improper validation of update packages
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through...
7.8CVSS
7.9AI Score
0.0004EPSS
CVE-2024-1149 Improper validation of update packages
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0;...
7.8CVSS
7.8AI Score
0.0004EPSS
CVE-2023-7169 Impersonate vendor signed Powershell scripts
Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof.This issue affects Snow Inventory Agent: through 6.14.5. Customers advised to upgrade to version...
6CVSS
6.3AI Score
0.0004EPSS
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
Impact You can create, delete etc. tags without having the permission to do so. This vulnerability allows an attacker to perform broken access control and add tags to admin panel and add dumy data. One can do this as intruder and add text parameters with random numbers and this will effect...
9.1CVSS
7AI Score
0.001EPSS
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
Impact You can create, delete etc. tags without having the permission to do so. This vulnerability allows an attacker to perform broken access control and add tags to admin panel and add dumy data. One can do this as intruder and add text parameters with random numbers and this will effect...
9.1CVSS
6.7AI Score
0.001EPSS
Digital Experience Monitoring | What Is DEM?
Introduction to Digital Experience Monitoring: Illuminating the Basics In an era governed by technology, the satisfaction of an end-user is of utmost importance. It has the power to stimulate or to halt business growth, and frequently determines if a client continues or discontinues their...
7.2AI Score
Ski & bike helmets protect your head, not location or voice
TL;DR Livall smart ski and bike helmet app leaks the wearers real time position Group audio chat allows snooping on conversations Both issues are due to missing authorisation Bike app affects ~1 million users, ski app affects a few thousand users Fixed by the vendor, but after we had to call on a.....
7.3AI Score
Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware
The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called VajraSpy. Slovak cybersecurity firm ESET said it uncovered 12 espionage apps, six of which were available for download from.....
6.5AI Score
Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan
The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab. Nine of the 35 individuals have been publicly...
6.8AI Score
Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
Summary When someone creates an access key, it inherits the permissions of the parent key. Not only for s3:* actions, but also admin:* actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able to simply override their own s3...
8.8CVSS
8.9AI Score
0.002EPSS