17 matches found
EUVD-2022-53043
Malicious code in bioql PyPI...
CVE-2022-31589
Due to improper authorization check, business users who are using Israeli File from SHAAM program /ATL/VQ23 transaction, are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted...
One year later, Rhadamanthys is still dropped via malvertising
It was just a little over a year ago that the Rhadamanthys stealer was first publicly seen distributed via malicious ads. Throughout 2023, we observed a continuation in malvertising chains related to software downloads. Fast forward to 2024 and the same malvertising campaigns are still going on...
Siemens Teamcenter Visualization and JT2Go Memory Corruption Vulnerability
JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML with available JT, VFZ, CGM and TIF data. Teamcenter Visualization software is able to enhance its Product Lifecycle Management (PLM) environments with a comprehensive range of visualization solutions. PLM environme...
CVE-2022-31589
Due to improper authorization check, business users who are using Israeli File from SHAAM program /ATL/VQ23 transaction, are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted...
JT2Go and Teamcenter Visualization File Parsing Vulnerability (CNVD-2021-100357)
JT2Go, a 3D JT viewing tool, and Teamcenter Visualization software enable companies to enhance their Product Lifecycle Management (PLM) environments with a comprehensive family of visualization solutions. The software allows business users to access documents, 2D drawings and 3D models in a single...
Ransomware in the CIS
Introduction: These days, when speaking of cyberthreats, most people have in mind ransomware, specifically cryptomalware. In 2020–2021, with the outbreak of the pandemic and the emergence of several major cybercriminal groups (Maze, REvil, Conti, DarkSide, Avaddon), an entire criminal ecosystem took...
Unauthorized Access Vulnerability in Lexmark MB2236adw
Lexmark (NYSE: LXK) is a U.S.-based company that develops and manufactures laser printers and is a provider of content management software, primarily for business users. An unauthorized access vulnerability exists in the Lexmark MB2236adw, which can be exploited by attackers to obtain sensitive...
Unauthorized Access Vulnerability in Lexmark CX517de
Lexmark (NYSE: LXK) is a U.S.-based company that develops and manufactures laser printers and is a provider of content management software, primarily for business users. An unauthorized access vulnerability exists in the Lexmark CX517de, which can be exploited by attackers to obtain sensitive...
Unauthorized Access Vulnerability in Lexmark B2338dw
Lexmark (NYSE: LXK) is a U.S.-based company that develops and manufactures laser printers and is a provider of content management software, primarily for business users. An unauthorized access vulnerability exists in Lexmark B2338dw, which can be exploited by attackers to obtain sensitive informati...
Governance Considerations for Democratizing Your Organization's Data in 2021
With the continuing rise of IoT devices, mobile networks, and digital channels, companies face a lot of pressure to generate meaningful and actionable insights from the wealth of data they capture. Gartner Research lists data democratization as one of the top strategic technology trends to watch...
CVE-2020-6299
SAP NetWeaver ABAP Server and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure...
Phishing Trends Position ISPs to Protect Subscribers
Akamai just released the 2019 State of the Internet (SOTI) security report: Phishing - Baiting the Hook featuring findings from the enterprise and carrier research teams. They've been collaborating for two years to develop better methods for evaluating massive volumes of anonymized, live-streamed D...
CVE-2019-0261
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0; second S stands for stack)...
Uber: Listing of email addresses of whitelisted business users visible at business.uber.com
At business.uber.com a JSX file which has a listing of email addresses was accessible...
OpenDNS 2010 Report: Web Content Filtering and Phishing
OpenDNS 2010 Report: Web Content Filtering and Phishing. Introduction: OpenDNS® is the largest global DNS service for consumers, schools and businesses: • Resolves 30 billion DNS queries per day • Services 15 million requesting IP addresses per day. Many of these represent organizations with...
JVN#71945722 Movable Type Enterprise cross-site scripting vulnerability
Movable Type Enterprise, a web log system from Six Apart KK for business users, contains a cross-site scripting vulnerability. This vulnerability is different from JVN02216739. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Update to the latest...