CVE-2018-16970

Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to download non-purchased course files via a modified id parameter...

Design/Logic Flaw

Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to access non-purchased course contents quiz / test via a modified id parameter...

Design/Logic Flaw

Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to download non-purchased course files via a modified id parameter...

CVE-2018-16970

Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to download non-purchased course files via a modified id parameter...

CVE-2018-16971

Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to access non-purchased course contents quiz / test via a modified id parameter...

CVE-2018-16970

Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to download non-purchased course files via a modified id parameter...

CVE-2018-16971

Wisetail Learning Ecosystem LE through v4.11.6 allows insecure direct object reference IDOR attacks to access non-purchased course contents quiz / test via a modified id parameter...

CVE-2018-16971

Wisetail Learning Ecosystem (LE) up to version 4.11.6 suffers from an insecure direct object reference (IDOR) vulnerability that allows an attacker to access non-purchased course contents (quiz/test) by altering the id parameter. The root cause is improper access control for object references, en...

CVE-2018-16970

CVE-2018-16970 affects Wisetail Learning Ecosystem (LE) up to version 4.11.6, where an insecure direct object reference (IDOR) enables downloading non-purchased course files by modifying the id parameter. The connected PacketStorm entry corroborates multiple IDOR vulnerabilities affecting LE ≤ 4....

Taking Stock: The Internet of Things, and Machine Learning Algorithms at War

It’s in the news every day; hackers targeting banks, hospitals, or, as we’ve come to fear the most, elections. Suffice to say then that cybersecurity has, in the last few years, gone from a relatively obscure industry – let's qualify that: not in the sense of importance, but rather how folks have...

Wallarm joins AI Leaders @ AI Summit

Wallarm joins a select group of AI startups and prominent technologists from Nvidia, Netflix, Microsoft and Amazon to participate in AI Summit on September 19–20 at San Francisco’s Palace of Fine Arts. AI Summit puts AI to work by delivering real value in the business. In just 3 years this...

Small businesses targeted by highly localized Ursnif campaign

Cyber thieves are continuously looking for new ways to get people to click on a bad link, open a malicious file, or install a poisoned update in order to steal valuable data. In the past, they cast as wide a net as possible to increase the pool of potential victims. But attacks that create a lot ...

Akamai India's StandTall Program

Diversity and Inclusion is a mission-critical goal at Akamai. In support of this goal, the India Learning and Development team in collaboration with the Women's Forum India employee resource group, launched an initiative that aims to foster a culture of...

Practical application of artificial intelligence that can transform cybersecurity

As I write this blog post, Im sitting by the beach on my computer in a sunny destination while my family plays in the water. Were on vacation, but we all have our own definition of fun. For me its writing blogs on the beachreally! The headspace is outstanding for uninterrupted thinking time and...

Partner Perspectives: Creating Your Own Threat Hunting Army

Idan Bellayev is the head of security research for empow. Cyber intelligence is one of the strongest tools that can be used to combat a potential attacker. Accessing the information needed to build cyber intelligence from a reliable source is typically difficult and very expensive - but it doesn’...

This Week in Security News: Facebook and Faxploits

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, Facebook removed 652 fake accounts originating from Russia and Iran. Also, Microsoft identified and removed fake internet domains that...

Security and Artificial Intelligence: Hype vs. Reality

While artificial intelligence and machine learning are far from new, many in security suddenly believe these technologies will transform their business and enable them to detect every cyber threat that comes their way. But instead, the hype may create more problems than it solves. Recently,...

AI and Machine Learning: Boosting Compliance and Preventing Spam

Some of the most advanced strategies in the current technology and analytics spaces include artificial intelligence and machine learning. These innovative approaches can hold nearly endless possibilities for technological applications: from the ability to eliminate manual work and enable software...

Subdomain Enumeration Tool: Amass

Amass is the subdomain enumeration tool with the greatest number of disparate data sources that performs analysis of the resolved names in order to deliver the largest number of quality results. Amass performs scraping of data sources, recursive brute forcing, crawling of web archives, permuting...

Defending Elections from Foreign Adversaries: Election Buster

Election Buster is an open source tool created in 2014 to identify malicious domains masquerading as candidate webpages and voter registration systems. During 2016, fake domains were used to compromise credentials of a Democratic National Committee DNC IT services company, and foreign adversaries...