2348 matches found
Kicking off the Microsoft Graph Security Hackathon
Cybersecurity is one of the hottest sectors in tech with Gartner forecasting worldwide information spending to exceed $124 billion by the end of 2019. New startups and security solutions are coming onto the market while attackers continue to find new ways to breach systems. The security solutions...
ai.grakn:client-java (=1.3.0), ai.grakn:grakn-bootup (=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +568 more potentially affected by CVE-2018-17190 via org.apache.spark:spark-core_2.10 (>=1.0.0 <=1.6.3)
org.apache.spark:spark-core2.10 MAVEN version =1.0.0, =1.0.0, =0.7.0, =0.12.0, =1.2.0, =0.12.0, =1.0.0, =0.17.0, =0.10.0, =0.15.0, =0.6.1, =0.17.0, =1.1.0 and more Source cves: CVE-2018-17190 Source advisory: OSV:GHSA-PHG2-9C5G-M4Q7https://vulners.com/osv/OSV:GHSA-PHG2-9C5G-M...
Vba2Graph - Generate Call Graphs From VBA Code, For Easier Analysis Of Malicious Documents
A tool for security researchers, who waste their time analyzing malicious Office macros. Generates a VBA call graph, with potential malicious keywords highlighted. Allows for quick analysis of malicous macros, and easy understanding of the execution flow. @MalwareCantFly Features Keyword...
The evolution of Microsoft Threat Protection, November update
At Ignite 2018, we announced Microsoft Threat Protection, a comprehensive, integrated solution securing the modern workplace across identities, endpoints, user data, cloud apps, and, infrastructure Figure 1. The foundation of the solution is the Microsoft Intelligent Security Graph, which...
Patched Facebook Vulnerability Could Have Exposed Private Information About You and Your Friends
In a previous blog we highlighted a vulnerability in Chrome that allowed bad actors to steal Facebook users’ personal information; and, while digging around for bugs, thought it prudent to see if there were any more loopholes that bad actors might be able to exploit. What popped up was a bug that...
GHSA-FWX5-5FQJ-JV98 Cross-Site Scripting in morris.js
Affected versions of morris.js are vulnerable to cross-site scripting attacks in labels that appear when hovering over a particular point on a generated graph. The text content of these labels is not escaped, so if control over the labels is obtained, script can be injected. The script will run o...
Cross-Site Scripting in morris.js
Affected versions of morris.js are vulnerable to cross-site scripting attacks in labels that appear when hovering over a particular point on a generated graph. The text content of these labels is not escaped, so if control over the labels is obtained, script can be injected. The script will run o...
Making it real—harnessing data gravity to build the next gen SOC
This post was coauthored by Diana Kelley, Cybersecurity Field CTO, andSin John,EMEA Chief Security Advisor, Cybersecurity Solutions Group. In our first blog, Diana and I talked about the concept of data gravity and how it could, conceptually, help organizations take a more cloud-ready approach to...
Get deeper into security at Microsoft Ignite 2018
This year at Microsoft Ignite, we will be making some exciting announcementsfrom new capabilities for identity management and information protection to powerful artificial intelligence AI innovations that can help you stay ahead of an often overwhelming surge in threats and security alerts. Join ...
Active Directory Privilege Relationships: BloodHound
BloodHound is a single page Javascript web application, built on top of Linkurious , compiled with Electron , with a Neo4j database fed by a PowerShell ingestor . BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attacks c...
Subdomain Enumeration Tool: Amass
Amass is the subdomain enumeration tool with the greatest number of disparate data sources that performs analysis of the resolved names in order to deliver the largest number of quality results. Amass performs scraping of data sources, recursive brute forcing, crawling of web archives, permuting...
@jamie452/open-graph-scraper (=2.3.2), bind-rest (>=1.4.0 <=1.4.6) +3 more potentially affected by CVE-2017-16098 via charset (>=0.0.1 <=1.0.0)
charset NPM version =0.0.1, =1.4.0, =2.2.2, =0.0.1, =0.1.0 Source cves: CVE-2017-16098 Source advisory: OSV:GHSA-9CP3-FH5X-XFCJ...
Protecting the modern workplace from a wide range of undesirable software
Security is a fundamental component of the trusted and productive Windows experience that we deliver to customers through modern platforms like Windows 10 and Windows 10 in S mode. As we build intelligent security technologies that protect the modern workplace, we aim to always ensure that...
metascrape npm module cross-site scripting vulnerability
The metascrape npm module is a library for grabbing metadata from articles on the web. A cross-site scripting vulnerability in the metascrape npm module version 3.9.2 and earlier, which stems from the program's failure to filter HTML, can be exploited by a remote attacker to execute and inject...
CVE-2018-3773
There is a stored Cross-Site Scripting vulnerability in Open Graph meta properties read by the metascrape npm module = 3.9.2...
Cross site scripting
There is a stored Cross-Site Scripting vulnerability in Open Graph meta properties read by the metascrape npm module = 3.9.2...
CVE-2018-3773
There is a stored Cross-Site Scripting vulnerability in Open Graph meta properties read by the metascrape npm module = 3.9.2...
CVE-2018-3773
CVE-2018-3773 describes a stored XSS in Open Graph metadata read by the metascrape/metascraper npm tooling. Technical details across connected records show that the vulnerability affects metascrape versions up to 3.9.2 and metascraper versions up to 5.2.x (with Node advisories citing 5.3.0 as the...
CVE-2018-3773
There is a stored Cross-Site Scripting vulnerability in Open Graph meta properties read by the metascrape npm module = 3.9.2...
PT-2018-16191 · Npm · Metascrape
Name of the Vulnerable Software and Affected Versions: metascraper versions prior to 5.2.0 metascrape npm module versions = 3.9.2 Description: The issue is related to a stored Cross-Site Scripting vulnerability in Open Graph meta properties. It affects the metascrape npm module and metascraper...