5 matches found
Ink Filepicker - Critical - Unsupported - SA-CONTRIB-2020-037
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. It looks like the 3rd party service that this module integrates with may have been retired. If you would like to maintain this project nevertheless,...
COVID-19 CISO Checklist for Securing a Remote Workforce
The Coronavirus crisis introduces a heavy burden on the CISO with the joint impact of a mass transition to working remotely coupled with a surge of cyberattacks that strive to monetize the general chaos. Security vendors, unintendedly, contribute to this burden by a relentless generation of noise...
Secure Remote Working During COVID-19 — Checklist for CISOs
Coronavirus crisis introduces a heavy burden on the CISOs with the collective impact of a mass transition to working remotely coupled with a surge of cyberattacks that strive to monetize the general chaos. Security vendors, unintendedly, contribute to this burden by a relentless generation of noi...
Shipt: Multiple Subdomain Takeovers: fly.staging.shipt.com, fly.us-west-2.staging.shipt.com, fly.us-east-1.staging.shipt.com
A researcher identified 3 different abandoned subdomain CNAME records that pointed to a 3rd party service fly.io that Shipt had recently stopped using. Upon receiving the report, the Shipt information security team responded quickly and resolved the issue by removing the stale DNS records...
Boozt Fashion AB: XSS
Researcher reported a XSS vulnerability that could be executed on our internal systems by submitting XSS payload to 3rd party service that we were using to fetch reviews from...