69 matches found
CVE-2023-35810
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing...
Wiz expands board and executive team with top security leaders from DocuSign, Aon, Meta and Okta
Wiz continues momentum with addition of security luminary Emily Heath to board of directors; expands executive team to lead hyper-growth...
Meet new Wiz board member Emily Heath
Q&A: Why Wiz caught the attention of DocuSign’s Former CTSO...
Malicious Package
Overview: docusign.termsandconditions is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if th...
Malicious Package
Overview: docusign.myclick.nondisclosureagreement is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only...
Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins
A sophisticated phishing campaign directed at a “major, publicly traded integrated payments solution company located in North America” made use of DocuSign and a compromised third party’s email domain to skate past email security measures, researchers said. The campaign spread seemingly innocuous...
The Bug Report - January 2022 Edition
By Trellix · February 2, 2022. This story was written by Kevin McGrath. Your Cybersecurity Comic Relief. Why am I here? Omicron is the 15th letter in the Greek alphabet, used by Donald Knuth to denote Big-O notation, represented zero...
A week in security (August 16 – August 22)
Last week on Malwarebytes Labs: Podcast: Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks. How to troubleshoot hardware problems that look like malware problems. Analysts “strongly believe” the Russian state colludes with ransomware gangs. macOS 11’s hidden security...
How to spot a DocuSign phish and what to do about it
Phishing scammers love well-known brand names, because people trust them, and their email designs are easy to rip off. And the brands phishers like most are the ones you're expecting to hear from, or wouldn't be surprised to hear from, like Amazon or DHL. Now you can add DocuSign to that list...
Fedora 31 : 1:java-1.8.0-openjdk (2020-508df53719)
July 2020 OpenJDK security update for OpenJDK 8. Full release notes: https://bitly.com/oj8u262 New features - JDK-8223147: JFR Backport Security fixes - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equalsDerValue - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in...
Fedora 31 : 1:java-11-openjdk (2020-93cc9c3ef2)
July 2020 OpenJDK security update for OpenJDK 11 Full release notes: https://bitly.com/openjdk1108 Security fixes - JDK-8230613: Better ASCII conversions - JDK-8231800: Better listing of arrays - JDK-8232014: Expand DTD support - JDK-8233234: Better Zip Naming - JDK-8233239, CVE-2020-14562: Enhan...
Fedora 32 : 1:java-1.8.0-openjdk (2020-e418151dc3)
July 2020 OpenJDK security update for OpenJDK 8. Full release notes: https://bitly.com/oj8u262 New features - JDK-8223147: JFR Backport Security fixes - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equalsDerValue - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in...
Foxit Reader and PhantomPDF DocuSign Plugin Trust Management Issues Vulnerability
Foxit Reader and Foxit PhantomPDF are both PDF document readers from the Chinese company Foxit. A trust management issue exists in the DocuSign plug-in in Foxit Reader versions prior to 9.7.2 and PhantomPDF versions prior to 9.7.2. An attacker can exploit this vulnerability to obtain hard-coded...
CVE-2020-13804
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin...
Information disclosure
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin...
CVE-2020-13804
The CVE-2020-13804 issue affects Foxit Reader and PhantomPDF (pre-9.7.2). The vulnerability stems from the DocuSign plugin, allowing disclosure of a hardcoded username and password, resulting in a potential information disclosure impacting confidentiality (per the documented CVSS metrics). Affect...