CVE-2019-2707

Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management component of Oracle PeopleSoft Products subcomponent: Application Search. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

Code injection

Vulnerability in the PeopleSoft Enterprise ELM component of Oracle PeopleSoft Products subcomponent: Enterprise Learning Mgmt. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...

CVE-2019-2707

CVE-2019-2707 affects Oracle PeopleSoft Products, specifically the PeopleSoft Enterprise ELM (Enterprise Learning Management) component, subcomponent Application Search, version 9.2. The issue is exploitable by an unauthenticated attacker over HTTP with network access. Attacks require user intera...

CVE-2019-2707

Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management component of Oracle PeopleSoft Products subcomponent: Application Search. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

Partner Perspectives: Blending Analytics with Endpoint Detection and Response Better Defends the Modern Worker

Ryan Stolte is the co-founder and CTO for Bay Dynamics. There are clearly many reasons why Endpoint Detection and Response EDR has materialized into such a hotbed of interest, investment and emerging best practices - endpoint security must continually evolve within the context of threats and...

Oracle PeopleSoft Products PeopleSoft Enterprise ELM Component Access Control Error Vulnerability

Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle Corporation Oracle. The products provide human capital management, financial management, supplier relationship management, etc. PeopleSoft Enterprise ELM is one of the enterprise employee learning...

Crooks are selling “Digital Doppelgangers” to bypass anti-fraud protection

By Waqas Financial Crimes to Reach an Unprecedented High by 2023 if Dark Web marketplaces like Genesis are allowed to Operate- Researchers Claim. According to the latest research from Juniper Research, cybercriminals have developed a wide range of advanced tools to help users evade machine...

Churning Out Machine Learning Models: Handling Changes in Model Predictions

Introduction Machine learning ML is playing an increasingly important role in cyber security. Here at FireEye, we employ ML for a variety of tasks such as: antivirus, malicious PowerShell detection, and correlating threat actor behavior. While many people think that a data scientist’s job is...

Adversarial Machine Learning against Tesla's Autopilot

Researchers have been able to fool Tesla's autopilot in a variety of ways, including convincing it to drive into oncoming traffic. It requires the placement of stickers on the road. Abstract: Keen Security Lab has maintained the security research work on Tesla vehicle and shared our research...

Nvidia Fixes 8 High-Severity Flaws Allowing DoS, Code Execution

Nvidia has released fixes for eight high-severity vulnerabilities in its Linux for Tegra driver packages. The worst of these flaws could allow information disclosure, denial of service and code execution on impacted systems. Overall, the chipmaker on Tuesday released patches for 13 flaws that...

Partner Perspectives: Better Together: Blue Hexagon Deep Learning-Powered Network Security and Carbon Black Endpoint Security

Tom Guerrette is the Director of Solutions Architecture for Blue Hexagon. It’s no surprise to any of us in the security industry that the threat landscape has transformed in the last 5 years in both speed and volume of attacks. According to The AV-Test Security Report, in 2017, 121.6 million new...

The Five Most Startling Statistics from this 2019 Global Survey of 1,200 Cybersecurity Pros [Infographic]

For those of us in the security industry, the annual Cyberthreat Defense Report is a gold mine of insights into the minds of IT security professionals, including what threats keep them up at night, and how they plan to defend against them. The 6th edition of the report from the CyberEdge Group wa...

Code Execution Vulnerability in YxtCMF Online Learning System v6.1

YxtCMF online learning system is an online learning platform system developed with thinkphp+bootstrap as the framework. YxtCMF Online Learning System v6.1 has a code execution vulnerability that can be exploited by attackers to execute arbitrary code...

Announcing Microsoft Defender ATP for Mac and new Threat and Vulnerability Management capabilities

On February 28, 2019, we announced Microsoft Threat Experts, a new managed hunting service within the Microsoft 365 Security portfolio that enables customers to extend their expertise and insights with the help of Microsoft security professionals. This release showcased our philosophy that securi...

Free Training: New Certified Learning Paths

The Qualys Training team is eager to share all of the recent additions to our free training program, as well as provide insight into what is coming in 2019. You can expect to see regular updates as we continue to improve our training offerings! It is our mission to help Qualys customers and...

Round 4 — Hacker Puts 26 Million New Accounts Up For Sale On Dark Web

A hacker who was selling details of nearly 890 million online accounts stolen from 32 popular websites in three separate rounds has now put up a fourth batch of millions of records originating from 6 other sites for sale on the dark web. The Hacker News today received a new email from the Pakista...

Call for Papers | Microsoft BlueHat Shanghai 2019

The Microsoft Security Response Center MSRC recently announced our first BlueHat security conference in Shanghai which will take place on May 29-30, 2019. After 15 years of BlueHat events in Redmond, Washington and Israel, we are thrilled to expand to a new location. We work with many talented...

Going ATOMIC: Clustering and Associating Attacker Activity at Scale

At FireEye, we work hard to detect, track, and stop attackers. As part of this work, we learn a great deal of information about how various attackers operate, including details about commonly used malware, infrastructure, delivery mechanisms, and other tools and techniques. This knowledge is buil...

RSAC 2019: The Dark Side of Machine Learning

SAN FRANCISCO – The same machine-learning algorithms that made self-driving cars and voice assistants possible can be hacked to turn a cat into guacamole or Bach symphonies into audio-based attacks against a smartphone. These are examples of “adversarial attacks” against machine learning systems...

Machine Learning Can Use Tweets to Automatically Spot Critical Security Flaws

Researchers built an AI engine that uses tweets to predict the severity of software vulnerabilities with 86 percent accuracy...