Lucene search
K

867 matches found

Cvelist
Cvelist
added 2023/08/23 3:38 p.m.48 views

CVE-2023-37379 Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature

Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...

8.1AI score0.01488EPSS
Exploits0References3
Qualys Blog
Qualys Blog
added 2023/08/17 4:59 p.m.30 views

Part III: Implementing Effective Cyber Security Metrics that Reduce Risk Realistically

We outlined some critical cybersecurity metrics in Part I of this three-part blog series. In the final blog post, we will delve into three crucial aspects outlined in Josh’s article: tactical metrics for operational teams, strategic metrics for leadership, and the metrics addressing the...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/03 3:10 p.m.36 views

RFP Template for Browser Security

Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group of experts have recognized the pressing need for comprehensive browser security solutions and collaborated to develop "The Definitive Browser Security RFP...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/07/27 3:25 p.m.22 views

Part II: Implementing Effective Cyber Security Metrics that Reduce Risk Realistically

In Part I of this three-part blog series, we discussed building a cyber risk metrics program from the ground up. We also discovered how to implement effective strategies for holistically articulating your cyber risk posture across your organization. In our second installment, we’ll delve deeper...

7.1AI score
Exploits0
Prion
Prion
added 2023/07/25 10:15 p.m.18 views

Design/Logic Flaw

Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft ...

1.9CVSS4.1AI score0.00241EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/25 9:2 p.m.24 views

CVE-2023-38496 Apptainer's ineffective privileges drop when requesting container network

Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft ...

6.1CVSS6.8AI score0.00241EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/07/25 1:52 p.m.23 views

Ineffective privileges drop when requesting container network

Impact Fix https://github.com/apptainer/apptainer/pull/1523 included in Apptainer 1.2.0-rc.2 has introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges. The attack surface is rather limited for users but an...

6.1CVSS6.8AI score0.00241EPSS
Exploits0References5Affected Software1
Qualys Blog
Qualys Blog
added 2023/07/20 2:45 p.m.16 views

Part I: Implementing Effective Cyber Security Metrics That Reduce Risk Realistically

As a CISO or business leader, some burning questions that often come to your mind are: How vulnerable is our cybersecurity posture? Are we better protected than we were three months or a year ago? Have our investments improved the cybersecurity posture and yielded any tangible benefits? Are my...

7AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2023/07/20 12:0 a.m.6 views

Security Patch Management Strengthens Ransomware Defense

With thousands of applications to manage, enterprises need an effective way to prioritize software security patches. That calls for a contextualized, risk-based approach and good overall attack surface risk management...

6.9AI score
Exploits0
GithubExploit
GithubExploit
added 2023/07/19 6:18 p.m.302 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

It is an exploit module for Log4j. The vulnerability class/vecto...

10CVSS8.6AI score0.99999EPSS
Exploits351
The Hacker News
The Hacker News
added 2023/07/19 11:58 a.m.47 views

How to Manage Your Attack Surface?

Attack surfaces are growing faster than security teams can keep up. To stay ahead, you need to know what's exposed and where attackers are most likely to strike. With cloud migration dramatically increasing the number of internal and external targets, prioritizing threats and managing your attack...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/07/19 3:0 a.m.16 views

Docker Hub images found to expose secrets and private keys

Numerous Docker images shared on Docker Hub are exposing sensitive data, according to a study conducted by researchers at the German university RWTH Aachen. Needless to say, this poses a significant security risk. In traditional software development, programmers code an application in one computi...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/17 10:56 a.m.29 views

These 6 Questions Will Help You Choose the Best Attack Surface Management Platform

The hype around different security categories can make it difficult to discern features and capabilities from bias when researching new platforms. You want to advance your security measures, but what steps actually make sense for your business? For anyone ready to find an attack surface managemen...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/07/13 1:0 a.m.52 views

Zero-day deploys remote code execution vulnerability via Word documents

An unpatched zero-day vulnerability is currently being abused in the wild, targeting those with an interest in Ukraine. Microsoft reports that CVE-2023-36884 is tied to reports of: …a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of...

6.8CVSS7.5AI score0.99083EPSS
Exploits3
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/07/06 4:0 p.m.23 views

Microsoft Defender for Endpoint is ranked number one in market share in the IDC Worldwide Corporate Endpoint Security Market Shares report, 2022

Microsoft security researchers tracked a 130.4 percent increase in organizations that have encountered ransomware over the last year. Endpoints are an important attack vector and ensuring that organizations have modern endpoint security as part of a broader extended detection and response strateg...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/29 10:56 a.m.25 views

The Right Way to Enhance CTI with AI (Hint: It's the Data)

Cyber threat intelligence is an effective weapon in the ongoing battle to protect digital assets and infrastructure - especially when combined with AI. But AI is only as good as the data feeding it. Access to unique, underground sources is key. Threat Intelligence offers tremendous value to peopl...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/27 11:27 a.m.3 views

Beyond Asset Discovery: How Attack Surface Management Prioritizes Vulnerability Remediation

As the business environment becomes increasingly connected, organizations' attack surfaces continue to expand, making it challenging to map and secure both known and unknown assets. In particular, unknown assets present security challenges related to shadow IT, misconfigurations, ineffective scan...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/27 11:27 a.m.33 views

Beyond Asset Discovery: How Attack Surface Management Prioritizes Vulnerability Remediation

As the business environment becomes increasingly connected, organizations' attack surfaces continue to expand, making it challenging to map and secure both known and unknown assets. In particular, unknown assets present security challenges related to shadow IT, misconfigurations, ineffective scan...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/06/26 1:0 a.m.12 views

A week in security (June 19 - 25)

Last week on Malwarebytes Labs: Microsoft Azure AD flaw can lead to account takeover 5 facts to know about the Royal ransomware gang Malwarebytes only vendor to win every MRG Effitas award in 2022 & 2023 UPS warns customers of phishing attempts after data accessed 6 tips for a cybersecure honeymo...

6.7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/06/21 1:0 p.m.15 views

Cyber Asset Attack Surface Management 101

Understanding CAASM This article was written by Ethan Smart, Co-Founder and Chief Solution Architect, appNovi a Rapid7 integration partner. It's essential for security and IT teams to have a comprehensive view and control of their cyber assets. This is why Cyber Asset Attack Surface Management...

7.2AI score
Exploits0
Rows per page
Query Builder