
172 matches found

OSSF Malicious Packages
added 2022/08/10 4:7 p.m., 3 views

Malicious code in marketplace-benchmarks (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b007173bde965cf168de7c0496ea3a257c989e5ee2c9d5bd6eb1806324eb62b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1
Snyk
added 2022/08/10 8:6 a.m., 1 view

Malicious Package

Overview marketplace-benchmarks is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8 CVSS, 7.1 AI score
Exploits: 0, References: 3
Microsoft Malware Protection
added 2022/08/08 4:0 p.m., 10 views

IT security: An opportunity to raise corporate governance scores

What is a corporate governance score? Corporate governance scoring is increasingly important to boards of directors, executive leadership, and the investment community. If we want to enlist the support of a stakeholder, we have to talk about the things that are important to them. Sales revenue is...

Exploits: 0
OpenVAS
added 2022/07/31 12:0 a.m., 7 views

Fedora: Security Advisory for golang-github-francoispqt-gojay (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0, References: 2
Snyk
added 2022/06/23 9:24 a.m., 2 views

Malicious Package

Overview perf-benchmarks is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...

9.8 CVSS, 7 AI score
Exploits: 0, References: 3
OSSF Malicious Packages
added 2022/06/20 9:13 p.m., 3 views

Malicious code in perf-benchmarks-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 776b6ef381784498b8b7f8ab12eea08d62b43ed272efcd4046efcdcf4bff712d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1
OSV
added 2022/06/20 9:13 p.m., 5 views

MAL-2022-5278 Malicious code in perf-benchmarks-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 776b6ef381784498b8b7f8ab12eea08d62b43ed272efcd4046efcdcf4bff712d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1
Rapid7 Blog
added 2022/05/13 2:0 p.m., 24 views

Update for CIS Google Cloud Platform Foundation Benchmarks - Version 1.3.0

The Center for Internet Security CIS recently released an updated version of their Google Cloud Platform Foundation Benchmarks - Version 1.3.0. Expanding on previous iterations, the update adds 21 new benchmarks covering best practices for securing Google Cloud environments. The updates were broa...

Exploits: 0
Fedora
added 2022/05/07 5:6 a.m., 36 views

[SECURITY] Fedora 36 Update: golang-github-francoispqt-gojay-1.2.13-6.fc36

GoJay is a performant JSON encoder/decoder for Golang (currently the most performant, see benchmarks). It has a simple API and doesn't use reflection. It relies on small interfaces to decode/encode structures and slices. Gojay also comes with powerful stream decoding features and an even faster...

7.5 CVSS, 9.2 AI score, 0.03931 EPSS
Exploits: 0
Fedora
added 2022/04/28 5:55 a.m., 43 views

[SECURITY] Fedora 34 Update: golang-github-francoispqt-gojay-1.2.13-6.fc34

GoJay is a performant JSON encoder/decoder for Golang (currently the most performant, see benchmarks). It has a simple API and doesn't use reflection. It relies on small interfaces to decode/encode structures and slices. Gojay also comes with powerful stream decoding features and an even faster...

7.5 CVSS, 9.2 AI score, 0.03931 EPSS
Exploits: 0
Fedora
added 2022/04/28 5:53 a.m., 35 views

[SECURITY] Fedora 35 Update: golang-github-francoispqt-gojay-1.2.13-6.fc35

GoJay is a performant JSON encoder/decoder for Golang (currently the most performant, see benchmarks). It has a simple API and doesn't use reflection. It relies on small interfaces to decode/encode structures and slices. Gojay also comes with powerful stream decoding features and an even faster...

7.5 CVSS, 9.2 AI score, 0.03931 EPSS
Exploits: 0
OpenVAS
added 2022/04/05 12:0 a.m., 13 views

Fedora: Security Advisory for phoronix-test-suite (FEDORA-2022-cce05f0e5e)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.8 CVSS, 6.4 AI score, 0.013 EPSS
Exploits: 1, References: 2
Kitploit
added 2022/02/12 11:30 a.m., 31 views

Cloudsploit - Cloud Security Posture Management (CSPM)

Quick Start Generic $ git clone https://github.com/aquasecurity/cloudsploit.git $ cd cloudsploit $ npm install $ ./index.js -h Docker $ git clone https://github.com/aquasecurity/cloudsploit.git $ cd cloudsploit $ docker build . -t cloudsploit:0.0.1 $ docker run cloudsploit:0.0.1 -h $ docker run -...

7 AI score
Exploits: 0, References: 42
Rapid7 Blog
added 2021/12/06 7:0 p.m., 12 views

Kubernetes Guardrails: Bringing DevOps and Security Together on Cloud

Cloud and container technologies are being increasingly embraced by organizations around the globe because of the efficiency, superior visibility, and control they provide to DevOps and IT teams. While DevOps teams see the benefits of cloud and container solutions, these tools create a learning...

6.8 AI score
Exploits: 0
Information Security Automation
added 2021/10/08 7:36 a.m., 37 views

Career Navigator talk for IT Hub College

Last week I gave a "Career Navigator" talk for the students of the IT Hub College in Moscow. By the way, this college has a very interesting practical information security program. If it is relevant for you, check it out. I've never talked so much about myself in public. It was like giving advice...

7 AI score
Exploits: 0
The Hacker News
added 2021/07/26 11:21 a.m., 144 views

How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability

Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability — SeriousSAM — allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash and...

7.8 CVSS, 1.9 AI score, 0.67252 EPSS
Exploits: 11
Imperva Blog
added 2021/07/22 1:29 p.m., 213 views

Logging: A Deep Dive

Our RASP product At Imperva our team builds a product called RASP which stands for Runtime Application Self Protection. As indicated by the name, it is a security product which plugs directly into the runtime of an application in order to provide a similar and complementary set of capabilities as...

Exploits: 0
Kitploit
added 2021/06/04 12:30 p.m., 728 views

Penglab - Abuse Of Google Colab For Cracking Hashes

Abuse of Google Colab for fun and profit. What is it ? Penglab is a ready-to-install setup on Google Colab for cracking hashes with an incredible power, really useful for CTFs. See benchmarks below. It installs by default : Hashcat John Hydra SSH with ngrok And now, it can also : Launch an...

7.6 AI score
Exploits: 0, References: 2
vulnersOsv
added 2021/02/19 4:12 p.m., 10 views

@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) +6 more potentially affected by CVE-2021-23344 via total.js (>=3.2.4 <=3.4.13)

total.js NPM version =3.2.4, =1.1.0, =0.3.0, =4.0.0, =1.0.0, =0.0.1, =0.0.4 Source cves: CVE-2021-23344 Source advisory: SNYK:JS-TOTALJS-1077069...

9.8 CVSS, 7.2 AI score, 0.04787 EPSS
Exploits: 1
vulnersOsv
added 2021/01/29 11:22 a.m., 9 views

@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) +6 more potentially affected by CVE-2020-28495 via total.js (>=3.2.4 <=3.4.13)

total.js NPM version =3.2.4, =1.1.0, =0.3.0, =4.0.0, =1.0.0, =0.0.1, =0.0.4 Source cves: CVE-2020-28495 Source advisory: SNYK:JS-TOTALJS-1046671...

7.5 CVSS, 7.1 AI score, 0.03634 EPSS
Exploits: 1