Lucene search
+L

375 matches found

Hacker One
Hacker One
added 2022/03/09 7:23 p.m.15 views

TikTok: Privilege Escalation on TikTok for Business

An IDOR Insecure Direct Object Reference vulnerability was found on the "orgid" and "accountid" parameters on a Business.TikTok.com endpoint, which could have resulted in an authenticated user with "Analyst" level permissions to close another user's ads accounts. We thank @naaash for reporting th...

2.1AI score
Exploits0
ThreatPost
ThreatPost
added 2022/02/09 2:0 p.m.549 views

Ex-Gumshoe Nabs Cybercrooks with FBI Tactics

Crooks are crooks, right? Whatever motivates serial violent offenders doesn’t switch off when they stop mugging people and instead pick up a keyboard to transform into cyber actors who craft cyber threats. At least, that was the thinking behind the 2012 creation of the FBI’s Cyber Behavioral...

8.7AI score
Exploits0References6
GithubExploit
GithubExploit
added 2022/01/09 4:23 p.m.1029 views

Exploit for Deserialization of Untrusted Data in H2Database H2

CVE-2021-42392-Detect About The script detects vulnerable H2...

10CVSS9.4AI score0.63211EPSS
Exploits3
Rapid7 Blog
Rapid7 Blog
added 2022/01/06 8:41 p.m.204 views

What's New in InsightIDR: Q4 2021 in Review

More context and customization around detections and investigations, expanded dashboard capabilities, and more. This post offers a closer look at some of the recent releases in InsightIDR, our extended detection and response XDR solution, from Q4 2021. Over the past quarter, we delivered updates ...

9.3CVSS0.1AI score0.99999EPSS
Exploits355
GithubExploit
GithubExploit
added 2021/12/19 5:13 a.m.527 views

Exploit for Deserialization of Untrusted Data in Apache Log4J

This is a proof-of-concept PoC exploit for CVE-2021-44228, a v...

10CVSS8.6AI score0.99999EPSS
Exploits358
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/12/15 5:0 p.m.35 views

The final report on NOBELIUM’s unprecedented nation-state attack

This is the final post in a four-part series on the NOBELIUM nation-state cyberattack. In December 2020, Microsoft began sharing details with the world about what became known as the most sophisticated nation-state cyberattack in history. Microsoft’s four-part video series “Decoding NOBELIUM” pul...

7.6AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/11/30 12:0 a.m.14 views

ESG Economic Value Validation of XDR

Hear leading analyst firm ESG and Chase Renes, system administrator at Vision Bank, discuss the operational, business, and financial value of Trend Micro’s industry-leading XDR solution...

1.2AI score
Exploits0
ThreatPost
ThreatPost
added 2021/09/28 5:45 p.m.79 views

SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever

The FinSpy surveillance kit has been driven from its hiding place following an eight-month investigation by Kaspersky researchers. Detections of the spyware trojan have dwindled since 2018, but it turns out that it hasn’t gone away – it’s simply been hiding behind various first-stage implants tha...

9.8CVSS8.8AI score0.99999EPSS
Exploits11References4
Wordfence Blog
Wordfence Blog
added 2021/08/13 9:50 p.m.12 views

WordPress Malware Camouflaged As Code

In today’s post we discuss emerging techniques that attackers are using to hide the presence of malware. In the example we discuss below, the attacker’s goal is to make everything look routine to an analyst so that they do not dig deeper and discover the presence of malware and what it is doing. ...

7.5AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/08/10 12:0 a.m.11 views

An expert discussion on XDR

Discover why industry veteran and former Gartner analyst, Greg Young, believes that XDR is the most exciting thing that has happened in cybersecurity in the last 20 years...

7AI score
Exploits0
OSV
OSV
added 2021/07/26 12:15 p.m.4 views

CVE-2021-29767

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681...

5.3CVSS5.8AI score0.01275EPSS
Exploits0References2
OSV
OSV
added 2021/07/26 12:15 p.m.5 views

CVE-2021-29770

IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 202771...

6.5CVSS5.5AI score0.00619EPSS
Exploits0References2
OSV
OSV
added 2021/07/26 12:15 p.m.5 views

CVE-2021-29769

IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie...

4.3CVSS5.4AI score0.00511EPSS
Exploits0References2
OSV
OSV
added 2021/07/26 12:15 p.m.5 views

CVE-2021-20431

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. IBM X-Force ID: 196342...

6.5CVSS5.8AI score0.00935EPSS
Exploits0References2
NCSC
NCSC
added 2021/07/26 12:0 a.m.5 views

Vulnerabilities fixed in IBM i2 Analyst's Notebook

Vulnerabilities have been fixed in the IBM i2 Analyst's Notebook. A malicious party could exploit the vulnerabilities to obtain system data and sensitive information. IBM has released updates to fix the vulnerabilities. For more information, see: https://www.ibm.com/support/pages/node/6474861...

6.5CVSS6.8AI score0.01275EPSS
Exploits0
CNNVD
CNNVD
added 2021/07/26 12:0 a.m.5 views

IBM i2 Analyze安全漏洞

IBM i2 Analyst's Notebook Premium is an intuitive analysis environment that combines data storage, analysis tools, visualization and dissemination capabilities. i2 Analyst's Notebook Premium contains a security vulnerability that could be exploited by remote attackers to obtain sensitive...

5.3CVSS5.6AI score0.01275EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/07/23 12:0 a.m.4 views

IBM i2 Analysts Notebook Premium 安全漏洞

IBM i2 Analyst's Notebook Premium is a premium version of IBM i2 Analyst's Notebook from IBM USA. IBM i2 Analyst's Notebook Premium has an information disclosure vulnerability that could be exploited by an attacker to obtain sensitive information...

5.3CVSS5.6AI score0.01275EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/07/23 12:0 a.m.6 views

IBM i2 Analysts Notebook Premium 安全漏洞

IBM i2 Analyst's Notebook Premium is a premium version of IBM i2 Analyst's Notebook from IBM of America. IBM i2 Analyst's Notebook Premium is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to obtain cookie values by listening to traffic...

4.3CVSS5.6AI score0.00511EPSS
Exploits0References4
Rapid7 Blog
Rapid7 Blog
added 2021/07/19 8:5 p.m.40 views

Rapid7 + XDR: Security that Moves as Fast as Your Business

Since launching InsightIDR almost six years ago, our mission has remained constant: make it possible for any security team to achieve fast, sophisticated threat detection and response programs that scale with their business. Making threat detection and response as agile and simple as possible...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2021/06/30 4:28 p.m.42 views

Why MTTR is Bad for SecOps

Mean time to resolution MTTR is a commonly used metric in the security industry. While it has utility to a business’s risk function, it does not belong in security operations SecOps. First, let us level-set on what reporting is versus metrics. Reporting measures activity and does not drive specif...

7.3AI score
Exploits0References2
Rows per page
Query Builder