470 matches found
CVE-2024-30801
SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component...
Qualys Launches MSSP Portal to Empower Managed Security Service Providers
In the words of Sun Tzu, "In the midst of chaos, there is also opportunity." This aptly captures the essence of today's cybersecurity landscape. Managed Security Service Providers (MSSPs) stand at the forefront, turning chaos into opportunity by securing digital assets across the entire infrastructure...
ALSA-2024:2147 Moderate: ipa security update
AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: freeipa: specially crafted HTTP requests potentially lead to denial of service (CVE-2024-1481). For more...
Identity in the Shadows: Shedding Light on Cybersecurity's Unseen Threats
In today's rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to...
Navigating the EU NIS2 Directive
How Qualys Cybersecurity Solutions Ensure Compliance. The European Union’s revised Network and Information Security (NIS2) Directive is a comprehensive cybersecurity regulation aimed at bolstering the resilience of critical entities and essential services across the EU. As organizations grapple with...
Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity Cloud PAM Essentials
As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management (PAM) solution can't be overstated. With organizations increasingly migrating to cloud environments, the PAM Solution Market is experiencing...
The vulnerability of cloud-based software for creating and using Nextcloud Server’s data storage system lies in improper input validation during the creation of web pages. This allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability of cloud-based software for creating and using Nextcloud Server storage solutions is related to the ability to copy HTML code without formatting (Ctrl+Shift+V). Exploiting this vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks...
Wizards of security, casting spells on themselves for ultimate digital security
Wiz practices what it preaches. Let’s look at how the security team at Wiz uses the power of the Wiz platform to monitor all its cloud-based infrastructure and services...
AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials
Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs...
Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks
Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and session token theft, once again underscoring how threat actors are repurposing legitimate...
The vulnerability of the software for automated, cloud-based, and on-premise administration of IBM Security Verify Privilege accounts stems from lack of access control mechanisms. This allows attackers to exploit the vulnerabilities to disclose protected information.
The vulnerability of the software for automated, cloud-based, and on-premise administration of IBM Security Verify Privilege accounts is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to disclose protected information through a specially...
Microsoft Intune Security Vulnerability
Microsoft Intune is a cloud-based management tool from Microsoft Corporation (USA), part of Microsoft Endpoint Manager, for managing mobile devices and operating systems. It is designed to provide unified endpoint management for enterprise and BYOD devices in a way that protects...
BIT-AKENEO-2022-46157
Akeneo PIM is an open source Product Information Management (PIM) system. Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allow remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...
Healthcare Needs Risk-Based Cybersecurity for Comprehensive, Effective Protection
In the first blog post of this three-blog series, we discussed the extraordinarily powerful “perfect storm” of cyber risk faced by healthcare organizations. The second blog post reviews how data security risks persist despite HIPAA compliance. In this third blog, we will discuss how to get starte...
Novel Smishing Kit Leverages Cloud Platform
Summary: SNS Sender, a malicious Python script that leverages AWS SNS for mass SMS spamming, presents a novel approach to cloud-based attack tools, particularly in the area of smishing. The ARDUINODAS threat actor is linked to the operation that uses this cloud capability to send out a lot of...
Kingdee CloudStar ERP suffers from deserialization vulnerability
Kingdee CloudStar is a cloud-based enterprise resource management (ERP) software that provides integrated solutions for financial management, supply chain management, and business process management. A deserialization vulnerability exists in Kingdee CloudStar ERP, which can be exploited by attacker...
The vulnerability of cloud-based software for creating and using Nextcloud Server’s data storage solution lies in the lack of authentication attempt limits. This allows attackers to execute a brute-force attack.
The vulnerability of cloud-based software for creating and using Nextcloud Server’s data storage solution is related to the lack of restrictions on authentication attempts. Exploiting this vulnerability allows a malicious actor to carry out a brute-force attack...
The vulnerability of cloud-based software for creating and using Nextcloud Server’s data storage system is related to improper access control. This allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of cloud-based software for creating and using Nextcloud Server storage solutions is related to improper access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
ipa, python2 security update
CentOS Errata and Security Advisory CESA-2024:0145. An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...