Lucene search
+L

102 matches found

thn
thn
added 2021/09/10 5:7 a.m.75 views

Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances

Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances ACI services that could have been weaponized by a malicious actor "to access other customers' information" in what the researchers described as the "first cross-account container takeover in the public...

9.3CVSS0.5AI score0.9857EPSS
Exploits33
mmpc
mmpc
added 2021/08/17 4:0 p.m.40 views

Microsoft and NIST collaborate on EO to drive Zero Trust adoption

2020s Nobelium attack sent shock waves through both government and private sectors. 2021 has already seen large-scale nation-state attacks such as Hafnium1 alongside major ransomware attacks2 on critical infrastructure. The breadth and boldness of these attacks show that, far from being deterred,...

8.1AI score
Exploits0
mssecure
mssecure
added 2021/08/17 4:0 p.m.43 views

Microsoft and NIST collaborate on EO to drive Zero Trust adoption

2020s Nobelium attack sent shock waves through both government and private sectors. 2021 has already seen large-scale nation-state attacks such as Hafnium1 alongside major ransomware attacks2 on critical infrastructure. The breadth and boldness of these attacks show that, far from being deterred,...

8.1AI score
Exploits0
mmpc
mmpc
added 2021/07/21 4:5 p.m.54 views

Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement management

Today on the Official Microsoft Blog, Microsoft announced the acquisition of CloudKnox Security, a leader in Cloud Infrastructure Entitlement Management CIEM. CloudKnox offers complete visibility into privileged access. It helps organizations right-size permissions and consistently enforce...

2.3AI score
Exploits0
threatpost
threatpost
added 2021/06/15 2:47 p.m.31 views

SASE & Zero Trust: The Dream Team

Zero Trust: We’ve been kicking that term around since 2003, by what exactly is it? In a nutshell, it’s not treating computers like humans, says Chase Cunningham, chief strategy officer at Ericom Software. Zero trust means “not putting trust relationships inside of computerized systems…and what we...

7.1AI score
Exploits0References1
cnvd
cnvd
added 2021/05/28 12:0 a.m.7 views

MesaLabs AmegaView Command Injection Vulnerability (CNVD-2021-39559)

MesaLabs AmegaView is a continuous monitoring system CMS from MesaLabs USA. A command injection vulnerability exists in MesaLabs AmegaView version 3.0 and prior versions. An attacker can exploit this vulnerability to execute commands in the web server...

9.9CVSS7.6AI score0.03081EPSS
Exploits0References1
cnvd
cnvd
added 2021/05/28 12:0 a.m.6 views

MesaLabs AmegaView Command Injection Vulnerability

MesaLabs AmegaView is a continuous monitoring system CMS from MesaLabs USA. A command injection vulnerability exists in MesaLabs AmegaView version 3.0 and prior versions, which stems from passwords in the system that are generated by an easily reversible algorithm, and the use of default cookies...

10CVSS8AI score0.02295EPSS
Exploits0References1
cnnvd
cnnvd
added 2021/05/27 12:0 a.m.5 views

MesaLabs AmegaView 授权问题漏洞

MesaLabs AmegaView is a continuous monitoring system CMS from MesaLabs USA. A security vulnerability exists in MesaLabs AmegaView 3.0 and earlier versions, which can be exploited by an attacker to elevate the privileges of the...

7.8CVSS5.6AI score0.00217EPSS
Exploits0References5
mssecure
mssecure
added 2021/03/15 4:0 p.m.175 views

5 steps to enable your corporate SOC to rapidly detect and respond to IoT/OT threats

As organizations connect massive numbers of IoT/OT devices to their networks to optimize operations, boards and management teams are increasingly concerned about the expanding attack surface and corporate liability that they represent. These connected devices can be compromised by adversaries to...

0.7AI score
Exploits0
rapid7blog
rapid7blog
added 2021/03/01 4:21 p.m.41 views

How to Achieve and Maintain Continuous Cloud Compliance

This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in participating in the next summit on Tuesday, March 9? Register here! There are two things that make data a hot topic. First, keeping track of your organization’s sheer...

6.9AI score
Exploits0
schneier
schneier
added 2020/09/09 11:37 a.m.24 views

US Space Cybersecurity Directive

The Trump Administration just published "Space Policy Directive - 5": "Cybersecurity Principles for Space Systems." Its pretty general: Principles. a Space systems and their supporting infrastructure, including software, should be developed and operated using risk-based, cybersecurity-informed...

1.8AI score
Exploits0
qualysblog
qualysblog
added 2020/08/10 5:22 p.m.25 views

Continuous Monitoring and Beyond

As security professionals, we struggle with the high volume of data we need to sort through while trying to parse out the critical alerts that are important for us to take immediate action upon. Being at the forefront of innovation for the past 20 years, Qualys offers 20 plus solutions which all...

7.3AI score
Exploits0
thn
thn
added 2020/07/06 11:38 a.m.74 views

Cato MDR: Managed Threat Detection and Response Made Easy

Lately, we can't help noticing an endless cycle where the more enterprises invest in threat prevention; the more hackers adapt and continue to penetrate enterprises. To make things worse, detecting these penetrations still takes too long with an average dwell time that exceeds 100 ! days. To keep...

7AI score
Exploits0
impervablog
impervablog
added 2020/07/01 9:35 a.m.29 views

Imperva Prevents Client-Side Attacks like Formjacking and Magecart

The Blindspot of Web Security is Client-side Code One of the troubling blindspots for security teams is third party JavaScript services embedded on a website. The popularity of JavaScript services used by developers and marketing teams means this blindspot is hiding an expanding attack service. I...

0.4AI score
Exploits0
atlassian
atlassian
added 2020/05/01 5:16 p.m.119 views

Access to all question drafts in private spaces via API

h3. Issue Summary Questions leak information through private space https://asecurityteam.atlassian.net/browse/BOUNTY-2559 h3. Steps to Reproduce Access to questions in spaces is limited to those users that have access to the space. However, question drafts in a restricted space can be accessed by...

1.7AI score
Exploits0Affected Software1
coalfire
coalfire
added 2020/04/27 4:44 p.m.11 views

So your company has decided to do FedRAMP - What does that mean?

The exponential increase in cloud adoption in recent years has led to a dramatic increase in technology companies evolving from software and application companies to Software as a Service SaaS, Platform as a Service PaaS or Infrastructure as a Service IaaS providers. The 2011 release of the Cloud...

3.5AI score
Exploits0
coalfire
coalfire
added 2020/04/27 4:44 p.m.15 views

So your company has decided to do FedRAMP - What does that mean?

The exponential increase in cloud adoption in recent years has led to a dramatic increase in technology companies evolving from software and application companies to Software as a Service SaaS, Platform as a Service PaaS or Infrastructure as a Service IaaS providers. The 2011 release of the Cloud...

3.5AI score
Exploits0
coalfire
coalfire
added 2020/04/27 4:44 p.m.10 views

So your company has decided to do FedRAMP - What does that mean?

The exponential increase in cloud adoption in recent years has led to a dramatic increase in technology companies evolving from software and application companies to Software as a Service SaaS, Platform as a Service PaaS or Infrastructure as a Service IaaS providers. The 2011 release of the Cloud...

3.5AI score
Exploits0
coalfire
coalfire
added 2020/04/27 4:44 p.m.13 views

So your company has decided to do FedRAMP - What does that mean?

The exponential increase in cloud adoption in recent years has led to a dramatic increase in technology companies evolving from software and application companies to Software as a Service SaaS, Platform as a Service PaaS or Infrastructure as a Service IaaS providers. The 2011 release of the Cloud...

3.5AI score
Exploits0
qualysblog
qualysblog
added 2019/12/03 9:2 p.m.30 views

Streamlining and Automating Compliance

There are seemingly countless regulatory and industry frameworks out there that organizations have to navigate and comply with. SOX Sarbanes-Oxley, PCI-DSS Payment Card Industry Data Security Standard, GDPR General Data Protection Regulation, HIPAA Health Insurance Portability and Accountability...

0.1AI score
Exploits0
Rows per page
Query Builder