160 matches found

Prion
added 2020/08/27 4:15 p.m. · 22 views

Cross-site request forgery (CSRF)

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2....

CVSS 6.8 · AI score 8.3 · EPSS 0.0105
Exploits: 0 · References: 1 · Affected Software: 9

Prion
added 2020/08/27 4:15 p.m. · 23 views

Cross-site scripting

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0,...

CVSS 4.3 · AI score 6.2 · EPSS 0.00722
Exploits: 0 · References: 1 · Affected Software: 9

Positive Technologies
added 2020/08/27 12:0 a.m. · 5 views

PT-2020-15815 · Wso2 · Wso2 Identity Server Analytics +8

Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions 2.2.0; WSO2 API Manager Analytics versions 2.2.0; WSO2 API Microgateway versions 2.2.0; WSO2 Data Analytics Server versions 3.2.0; WSO2 Enterprise Integrator versions through 6.6.0; WSO2 IS as Key Manager versions 5.5.0...

CVSS 6.1 · AI score 6.2 · EPSS 0.00722
Exploits: 0 · References: 4

CVE
added 2020/08/27 12:0 a.m. · 52 views

CVE-2020-24704

CVE-2020-24704 is a reflected XSS vulnerability affecting multiple WSO2 products (API Manager, API Manager Analytics, API Microgateway, Data Analytics Server, Enterprise Integrator, IS as Key Manager, Identity Server/Analytics, and IoT Server) with versions listed in the Initial description. The ...

CVSS 6.1 · AI score 6.2 · EPSS 0.00722
Exploits: 0 · References: 1 · Affected Software: 9

CVE
added 2020/08/27 12:0 a.m. · 55 views

CVE-2020-24703

CVE-2020-24703 affects multiple WSO2 products: API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0–...

CVSS 8.8 · AI score 8.4 · EPSS 0.0105
Exploits: 0 · References: 1 · Affected Software: 9

Cvelist
added 2020/08/27 12:0 a.m. · 33 views

CVE-2020-24704

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0,...

CVSS 6.1 · AI score 6.3 · EPSS 0.00722
Exploits: 0 · References: 1

Positive Technologies
added 2020/08/27 12:0 a.m. · 7 views

PT-2020-15814 · Wso2 · Wso2 Identity Server Analytics +8

Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions 2.2.0; WSO2 API Manager Analytics versions 2.2.0; WSO2 API Microgateway versions 2.2.0; WSO2 Data Analytics Server versions 3.2.0; WSO2 Enterprise Integrator versions through 6.6.0; WSO2 IS as Key Manager versions 5.5.0...

CVSS 8.8 · AI score 8.4 · EPSS 0.0105
Exploits: 0 · References: 4

Kitploit
added 2020/04/06 12:0 p.m. · 110 views

OSSEM - Open Source Security Events Metadata

The Open Source Security Events Metadata (OSSEM) is a community-led project that focuses primarily on the documentation and standardization of security event logs from diverse data sources and operating systems. Security events are documented in a dictionary format and can be used as a reference fo...

AI score 7.1
Exploits: 0 · References: 7

BDU FSTEC
added 2020/02/03 12:0 a.m. · 7 views

The vulnerability of Intel’s Data Analytics Acceleration Library, related to permission processing errors, allows attackers to disclose protected information.

The vulnerability of the Intel Data Analytics Acceleration Library is related to permission processing errors. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by the library’s security measures...

CVSS 3.9 · AI score 5.8 · EPSS 0.00275
Exploits: 0 · References: 2

ThreatPost
added 2020/01/28 6:16 p.m. · 65 views

Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners

UPDATE Amazon’s Ring Doorbell app for Android is a nexus for data-harvesting, according to an investigation by the Electronic Frontier Foundation (EFF). Privacy advocates allege Ring goes so far as to silently deliver updates on Ring customer usage to Facebook, even if the Ring owner doesn’t have a...

Exploits: 0 · References: 6

Intel
added 2020/01/14 12:0 a.m. · 26 views

Intel® DAAL Advisory

Summary: A potential security vulnerability in the Intel® Data Analytics Acceleration Library (DAAL) may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2019-14629 Description: Improper permissions in Inte...

CVSS 5.5 · AI score 5.4 · EPSS 0.00275
Exploits: 0

CVE
added 2019/12/18 5:33 p.m. · 59 views

CVE-2019-8632

CVE-2019-8632 concerns Texture’s analytics data being sent over HTTP instead of HTTPS. The issue affects Texture versions prior to the fixed releases and could allow interception of analytics data by an attacker in a privileged network position. The connected sources specify fixed versions: Textu...

CVSS 6.5 · AI score 5.9 · EPSS 0.01293
Exploits: 0 · References: 3 · Affected Software: 1

Kitploit
added 2019/11/30 11:30 a.m. · 202 views

Mordor - Re-play Adversarial Techniques

The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation (JSON) files for easy consumption. The pre-recorded data is categorized by platforms, adversary groups, tactics and techniques defined by the Mitre ATT&CK...

AI score 7.2
Exploits: 0 · References: 4

Imperva Blog
added 2019/11/07 10:4 p.m. · 61 views

How Machine Learning is Changing the Face of Financial Services

Artificial intelligence (AI) has become integrated into our everyday lives. It powers what we see in our social media newsfeeds, activates facial recognition to unlock our smartphones, and even suggests music for us to listen to. Machine learning, a subset of AI, is progressively integrating into o...

AI score 0.7
Exploits: 0

ThreatPost
added 2019/09/20 7:48 p.m. · 191 views

Facebook Removed Tens of Thousands of Apps Post-Cambridge Analytica

Facebook said it has suspended tens of thousands of apps as part of its ongoing investigation into how third-party apps on its platform collect, handle and utilize users’ personal data. The results of the investigation, launched in March 2018 in response to Facebook’s infamous Cambridge Analytica...

AI score 0.3
Exploits: 0 · References: 11

Carbon Black Blog
added 2019/09/05 4:29 p.m. · 63 views

Implementing EQR — Creating a Solution for Real-Time Processing of Disparate Big Data Sources

Building an Event Query Router for Big Data Translation and Processing In a previous post, we discussed the data engineering challenge of scaling security. Analyzing the volume and variety of data required by a cybersecurity application isn’t an easy process, so we are always looking for innovati...

AI score 7.9
Exploits: 0

Malwarebytes
added 2019/08/19 3:0 p.m. · 96 views

How much personalization is too much?

This story originally ran in The Parallax on January 25, 2019, and was written by Dan Tynan. In 2012, when Target used data analytics to identify customers who were expecting a baby, then mailed them coupons for maternity clothing and nursery furniture, it inadvertently revealed a teenage girl’s...

AI score 6.6
Exploits: 0

ThreatPost
added 2019/06/05 2:8 p.m. · 155 views

Why Election Trust is Dwindling in a Post-Cambridge Analytica World

LONDON, UK – The 2018 Facebook-Cambridge Analytica incident opened the world’s eyes to how much private user data was being collected, shared and sold. But experts worry that future ramifications of this scandal go way beyond Facebook and have created distrust in the election process as a whole...

AI score 6.8
Exploits: 0 · References: 4

Akamai Blog
added 2019/05/23 4:0 p.m. · 139 views

Broadcast Operations Control Center (BOCC): Enabling OTT Broadcast Operations

So, what is the BOCC? Simply put, Akamai runs a state-of-the-art Broadcast Operations Control Centre, the BOCC, to help ensure smooth and seamless end-user play-back experience for live OTT (Over the Top) and linear video delivered through Akamai Media Delivery Solutions. To phrase it more...

AI score 0.6
Exploits: 0

The Hacker News
added 2019/03/05 8:13 a.m. · 106 views

Google Launches Backstory — A New Cyber Security Tool for Businesses

Google's one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory, a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential...

AI score 7.3
Exploits: 0