CVE-2024-11702

CVE-2024-11702 concerns Mozilla Firefox and Mozilla Thunderbird information disclosure due to insufficient clipboard protection in Android Private Browsing mode. Affected products: Firefox and Thunderbird with versions prior to 133. Root cause: clipboard data (sensitive data such as passwords) co...

upKeeper 安全漏洞

upKeeper is a cloud-based or local solution from upKeeper Inc. A security vulnerability exists in upKeeper versions prior to 1.2, which stems from the presence of an incorrect privilege management vulnerability that allows privilege escalation...

Schneider Electric EcoStruxure IT Gateway 安全漏洞

Schneider Electric EcoStruxure IT Gateway is a suite of cloud-based data center management-as-a-service DMaaS offerings from Schneider Electric, a French company. A security vulnerability exists in Schneider Electric EcoStruxure IT Gateway that stems from a lack of authorization vulnerability tha...

Perforce Gliffy 安全漏洞

Perforce Gliffy is a Perforce software for charting via HTML5 cloud-based applications. A security vulnerability exists in Perforce Gliffy versions prior to 4.14.0-6 that stems from an insecure configuration...

IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools

High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of a malware called...

Qualys Launches Enterprise TruRisk™ Management: The Industry’s First Cloud-Based Risk Operations Center

In today’s complex cybersecurity landscape, Chief Information Security Officers CISOs and business leaders require more than just a collection of disconnected tools to manage risks effectively—they need a unified, integrated approach. Today, we proudly announce the launch of Qualys Enterprise...

How Cloud-Based Solutions Are Transforming Software Quality Assurance

Cloud-based solutions are transforming the software quality assurance QA industry. As organizations increasingly migrate their development and verification…...

New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials

Cybersecurity researchers are calling attention to a new QR code phishing aka quishing campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes. "By using legitimate cloud applications, attacke...

Microsoft Entra ID 访问控制错误漏洞

Microsoft Entra ID is a cloud-based identity and management solution from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Entra ID that stems from the presence of an elevation of privilege issue...

It's Time To Untangle the SaaS Ball of Yarn

It's no great revelation to say that SaaS applications have changed the way we operate, both in our personal and professional lives. We routinely rely on cloud-based and remote applications to conduct our basic functions, with the result that the only true perimeter of our networks has become the...

upKeeper 安全漏洞

upKeeper is a cloud-based or local solution from upKeeper, Inc. A security vulnerability exists in upKeeper version 5.1.9 and prior versions that stems from the presence of an incorrect authentication vulnerability that allows bypassing authentication...

LumisXP Security Vulnerability

LumisXP is a cloud-based digital experience software from Lumis Inc. It helps users gain insight into various website, blog and landing page metrics on a unified platform. A security vulnerability exists in LumisXP versions v15.0.x through v16.1.x. An attacker can exploit the vulnerability to...

Important: Red Hat Security Advisory: ipa security update

An update for ipa is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

RHEL 9 : ipa (RHSA-2024:3757)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3757 advisory. Red Hat Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and...

Ars0N-Framework - A Modern Framework For Bug Bounty Hunting

Howdy! My name is Harrison Richardson, or rs0n arson when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...

CVE-2024-30801

SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component...

CVE-2024-30801

SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component...

Qualys Launches MSSP Portal to Empower Managed Security Service Providers

In the words of Sun Tzu, In the midst of chaos, there is also opportunity. This aptly captures the essence of todays cybersecurity landscape. Managed Security Service Providers MSSPs stand at the forefront, turning chaos into opportunity by securing digital assets across the entire infrastructure...

ALSA-2024:2147 Moderate: ipa security update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: freeipa: specially crafted HTTP requests potentially lead to denial of service CVE-2024-1481 For more...

Identity in the Shadows: Shedding Light on Cybersecurity's Unseen Threats

In today's rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to...