Lucene search
K

51 matches found

Ubuntu
Ubuntu
added 2025/03/28 2:2 p.m.33 views

USN-7387-2: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...

8.1CVSS7.5AI score0.03558EPSS
Exploits3
HackRead
HackRead
added 2025/01/18 1:51 a.m.3 views

Bitcoin’s Prospects in 2025: Exploring Opportunities and Mitigate Risks

Explore Bitcoin's 2025 prospects, market trends, mining, and secure methods like cloud platforms. Learn strategies to manage risks…...

7.3AI score
Exploits0
NVD
NVD
added 2024/12/17 6:15 a.m.27 views

CVE-2024-9624

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...

7.6CVSS0.00412EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/17 5:23 a.m.8 views

CVE-2024-9624 WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxicurldownload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to ma...

7.6CVSS6.7AI score0.00412EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2024/11/25 11:24 a.m.7 views

Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks

Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code IaC and policy-as-code PaC tools like HashiCorp's Terraform and Styra's Open Policy Agent OPA that leverage dedicated, domain-specific languages DSLs to breach cloud platforms and exfiltrate data...

7.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/02/13 12:36 p.m.19 views

Security Flaw in CoCalc: One Click and Your Cloud is Ruined

TL;DR Imperva Threat Research discovered and reported a security flaw in the CoCalc Cloud environment. The flaw enabled potential attackers to completely take over a target’s account with only a single click from the victim. This flaw was due primarily to the lack of separation between the user...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/02/09 7:40 a.m.40 views

Wazuh in the Cloud Era: Navigating the Challenges of Cybersecurity

Cloud computing has innovated how organizations operate and manage IT operations, such as data storage, application deployment, networking, and overall resource management. The cloud offers scalability, adaptability, and accessibility, enabling businesses to achieve sustainable growth. However,...

7.2AI score
Exploits0
Gitee
Gitee
added 2023/03/17 1:53 a.m.4 views

cyber-range-scenarios

This repository is an offensive tool for cloud-based cyber ranges, specifically for training scenarios. It contains a collection of scripts and configurations for simulating various cyber attacks and vulnerabilities, including Shell Shock and libfutex privilege escalation. The repository uses...

8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/06 5:42 p.m.35 views

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN. The group "primarily targets cloud platforms offering limited-time trials of...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/12/08 12:0 a.m.7 views

The vulnerability of the rsync platform used in OpenStack platforms for cloud computing solutions allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the rsync platform used in OpenStack platforms for cloud computing solutions is related to security configuration errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

8.6CVSS7.2AI score0.01107EPSS
Exploits0References2
Akamai Blog
Akamai Blog
added 2022/12/05 2:0 p.m.16 views

Not Every Cloud Is Meant for Every Workload

Understanding which cloud platforms are the best fit for which workloads can maximize your return on investment and your customers’ output...

7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2022/05/24 2:35 p.m.14 views

CVE-2022-22306

An improper certificate validation vulnerability CWE-295 in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and...

5.4CVSS6.8AI score0.00184EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/05/24 2:35 p.m.20 views

CVE-2022-22306

An improper certificate validation vulnerability CWE-295 in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and...

5.4CVSS5.6AI score0.00184EPSS
Exploits0References1
Kitploit
Kitploit
added 2022/03/17 11:30 a.m.32 views

PurplePanda - Identify Privilege Escalation Paths Within And Across Different Clouds

This tool fetches resources from different cloud/saas applications focusing on permissions in order to identifyprivilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privilegesescalation paths within a platform and across...

7.3AI score
Exploits0References4
OSV
OSV
added 2022/02/18 6:15 p.m.3 views

CVE-2022-21215

This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing...

9.8CVSS5.8AI score0.01412EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2022/02/18 6:15 a.m.27 views

4 Cloud Data Security Best Practices All Businesses Should Follow Today

These days, businesses all around the world have come to depend on cloud platforms for a variety of mission-critical workflows. They keep their CRM data in the cloud. They process their payrolls in the cloud. They even manage their HR processes through the cloud. And all of that means they're...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2021/06/15 4:46 p.m.39 views

Microsoft Disrupts Large, Cloud-Based BEC Campaign

Threat hunters at Microsoft recently uncovered and disrupted infrastructure that powered a large-scale business email compromise BEC campaign. The infrastructure was hosted on multiple cloud platforms, which allowed it to stay under the radar for quite some time. “The attackers performed discrete...

6.4AI score
Exploits0References6
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/05/21 6:54 a.m.16 views

Smart lighting security

Smart lighting systems create great opportunity for improved efficiency, cost savings and easy management. The long lifespan and low power requirement of LED luminaires and lamps means that it’s worth investing in replacing older fluorescent and incandescent lighting. RJ45 connections delivering...

7.2AI score
Exploits0
Akamai Blog
Akamai Blog
added 2021/04/08 11:0 a.m.50 views

Emerging Edge Computing Use Cases

The first rule of edge compute thought leadership is: don't overuse the term edge. Over the course of my blog series on the topic, I have defined the edge, explained edge computing, and discussed the economics of edge computing. There have also been a few articles in which I've discussed how...

6.6AI score
Exploits0
Ubuntu
Ubuntu
added 2021/01/11 9:57 p.m.147 views

USN-4689-2: Linux kernel vulnerabilities

USN-4689-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Original advisory details: It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed...

7.8CVSS6.5AI score0.01777EPSS
Exploits0
Rows per page
Query Builder